Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

laurischarf
Contributor II

Log out of Sense (after SAML login)

Our users will log into Qlik Sense (version: June 2017) via Okta SSO. In testing it, it appears that the only way to log out is to close the browser completely. Since I can't count on users to do so, is there a way to log out the user completely when he clicks the logout button under his username in the Hub?

Put another way, does Sense support SAML SLO (Single Log Out)?

Message was edited by: Lauri Scharf

Tags (1)
1 Solution

Accepted Solutions
laurischarf
Contributor II

Re: Log out of Sense (after SAML login)

To close this thread, we have successfully implemented 2nd factor authentication in Okta. We set Okta to require it at every login, which forces the browser to redirect to Okta when the user logs out and also when the session times out (based on the session timeout setting in the QMC).

I strongly encourage Qlik to add SAML SLO to Sense! It's a bit goofy to have implemented SAML SSO without SLO. You let users securely log in but not out... for organizations like us, with sensitive data, this is a show-stopper. Thankfully Okta provides a workaround.

2 Replies
laurischarf
Contributor II

Re: Log out of Sense (after SAML login)

Sense does not currently support SAML SLO. It is a known enhancement request.

As a workaround, I am experimenting with Okta's multi-factor feature. Initial testing is promising. I set Okta to require a 2nd factor at every login (this is the most stringent option).

Other discussions here point to an API solution.

laurischarf
Contributor II

Re: Log out of Sense (after SAML login)

To close this thread, we have successfully implemented 2nd factor authentication in Okta. We set Okta to require it at every login, which forces the browser to redirect to Okta when the user logs out and also when the session times out (based on the session timeout setting in the QMC).

I strongly encourage Qlik to add SAML SLO to Sense! It's a bit goofy to have implemented SAML SSO without SLO. You let users securely log in but not out... for organizations like us, with sensitive data, this is a show-stopper. Thankfully Okta provides a workaround.