Qlik Community

Qlik Sense Deployment & Management

Discussion board where members learn more about Qlik Sense Installation, Deployment and Management.

lucienorrin
Contributor

Trusted Domain Users and UDC

I have users in two domains that need access to Qlik Sense. I am syncing one root AD group in domain A with my UDC. All users are members of this group through group nesting. Everything works fine within domain A.

I can even add domain B users to a nested group in domain A and they will be created in Sense.

However, none of the domain B users' group membership is brought in with it.

We are using custom properties mapped to an AD group to assign permissions in Sense so the users from domain B have no permissions. 

Domain B users are direct members of group1 in Domain A that is a member (nested) of group2 that is synced with a Sense UDC.

We have a two-way transitive trust between the domains.

My question is, how do I get the UDC (AD/LDAP) to resolve the group membership of users in an external domain?

1 Reply
lucienorrin
Contributor

Re: Trusted Domain Users and UDC

Ok, so it turns out the users from domain B are not synced. It just so happens the users tried to access the hub and were created automatically in Sense.

The user account is still not associated (in Sense) with the groups in domain A they are members of.

Is this a limitation of LDAP?

It looks like external users are represented as ForeignSecurityPrincipals (SIDs) when using LDAP.

I would like to add this is ridiculously easy using powershell...

Get-ADGroupMember -Identity <Group> -Recursive | select name

Community Browser