Solved: Log out of Sense (after SAML login) - Qlik Community

Lauri · ‎2017-09-05

Our users will log into Qlik Sense (version: June 2017) via Okta SSO. In testing it, it appears that the only way to log out is to close the browser completely. Since I can't count on users to do so, is there a way to log out the user completely when he clicks the logout button under his username in the Hub?

Put another way, does Sense support SAML SLO (Single Log Out)?

Message was edited by: Lauri Scharf

Lauri · ‎2017-09-15

To close this thread, we have successfully implemented 2nd factor authentication in Okta. We set Okta to require it at every login, which forces the browser to redirect to Okta when the user logs out and also when the session times out (based on the session timeout setting in the QMC).

I strongly encourage Qlik to add SAML SLO to Sense! It's a bit goofy to have implemented SAML SSO without SLO. You let users securely log in but not out... for organizations like us, with sensitive data, this is a show-stopper. Thankfully Okta provides a workaround.

View solution in original post

Lauri · ‎2017-09-08

Sense does not currently support SAML SLO. It is a known enhancement request.

As a workaround, I am experimenting with Okta's multi-factor feature. Initial testing is promising. I set Okta to require a 2nd factor at every login (this is the most stringent option).

Other discussions here point to an API solution.

Lauri · ‎2017-09-15

To close this thread, we have successfully implemented 2nd factor authentication in Okta. We set Okta to require it at every login, which forces the browser to redirect to Okta when the user logs out and also when the session times out (based on the session timeout setting in the QMC).

I strongly encourage Qlik to add SAML SLO to Sense! It's a bit goofy to have implemented SAML SSO without SLO. You let users securely log in but not out... for organizations like us, with sensitive data, this is a show-stopper. Thankfully Okta provides a workaround.