Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
wdchristensen
Specialist
Specialist
‎2019-04-02 05:30 PM

Improve process for user access to Qlik Sense (auto allocate / revoke token based on AD group)

In our production environment, adding a Qlik user works as follows:

  • Add a user to an AD group (ABC_Stream_AD_GRP)
  • QMC sync task runs for AD Qlik Users and Qlik Groups
  • The user must attempt to login to Qlik\hub (I can’t see the user in the QMC until this occurs).
  • User receives an error that no token has been assigned.
  • Allocate a token to the user.
  • If the user transfers or terminates, manually revoke the token.

Unfortunately, this process introduces Senior Leadership to Qlik with the perception that the product isn’t stable or scalable. Please help me automate my process so it can eliminate the need for a failed login attempt and manual token assignments. Is it possible to create a user access rule that that would work like:

If(User.ADGroupMembershipNames LIKE ‘%Qlik%’ AND User.Status = ‘Active’, Action.AllocateToken, Action.RevokeToken)

Labels (1)
Labels
2,237 Views
0 Likes
2 Solutions

Accepted Solutions
gandalfgray
Specialist II
Specialist II
‎2019-04-03 08:42 AM

If you use the User access/Login access type of licenses you could do like we do:

 

Set up a "Session pool" https://<your_server>/qmc/loginaccessrules

This pool should have a rule like

((user.group="ldap-data.access.qs"))

or whatever you like

(our rule allows users that are effective members of data.access.qs access to that session pool)

 

Then we have an app that reads the QS Repository to identify users that uses lots of sessions which would be candidates for getting a User license instead

View solution in original post

2,213 Views
wdchristensen
Specialist
Specialist
‎2019-04-09 05:24 PM
Author

All of my AD group have 'QLIK' in the name so I can easily automate the allocation as follows: 

AutomateQlikLicense.png

View solution in original post

2,164 Views
0 Likes
3 Replies
gandalfgray
Specialist II
Specialist II
‎2019-04-03 08:42 AM

If you use the User access/Login access type of licenses you could do like we do:

 

Set up a "Session pool" https://<your_server>/qmc/loginaccessrules

This pool should have a rule like

((user.group="ldap-data.access.qs"))

or whatever you like

(our rule allows users that are effective members of data.access.qs access to that session pool)

 

Then we have an app that reads the QS Repository to identify users that uses lots of sessions which would be candidates for getting a User license instead

2,214 Views
jlongoria
Creator
Creator
‎2019-04-05 10:59 AM

From your active directory UDC you can sync users based on AD group memberships. You can then create allocate access rules to auto allocate license to users that belong to appropriate group(s). I've only worked with professional/analyzer and don't know if there is similar approach to tokens.

Steps I followed:

  • Create SenseProfessional and SenseAnalyzer AD groups
  • Assign users to groups using AD tools
  • Create UDC using those groups in LDAP filter for UDC (no one else will be able to login with this approach)
  • Create allocation rule to allocate license if user has appropriate group assigned
  • When user logs in they will be allocated license appropriately

 

2,195 Views
wdchristensen
Specialist
Specialist
‎2019-04-09 05:24 PM
Author

All of my AD group have 'QLIK' in the name so I can easily automate the allocation as follows: 

AutomateQlikLicense.png

2,165 Views
0 Likes