Qlik Community

Qlik Sense on AWS & Azure

Discussion board where members can learn more about Qlik Sense deployments on Public Cloud Infrastructures such as AWS and Azure.

ennioaoki
New Contributor II

User Directory Connector with Azure AD

Hello, I had a User Directory Connector (UDC) configured with our on premises AD (filtering some users and cost centers) and using the default Virtual Proxy (VP).

Now, we configured a new VP to Azure AD (AAD) to single sign-on (SSO) sucessfully. But have no idea how to filter the same cost centers to get the users from AAD. We tried to create a new UDC with a generic LDAP but no success (same URL from first UDC - I know, strage, but we gave it a shot).

I saw this post but I think the guys are stuck in the same point.

Is the only way to ask the users access at least one time to then allocate a license to them? Or is there a way to get them from AAD via UDC?

I'd really appreciate any help.

Tags (2)
1 Solution

Accepted Solutions
ennioaoki
New Contributor II

Re: User Directory Connector with Azure AD

If someone need the info, we solved this issue:

  • Using the same Path and LDAP filter of the old UDC;
  • In Directory Entry Attributes, the Account Name as the same attribute used in claim with AAD (in our case, "mail");
  • And the User Identification attribute as "user" instead the default "inetOrgPerson";

QS June 2017, BTW.

6 Replies
ennioaoki
New Contributor II

Re: User Directory Connector with Azure AD

If someone need the info, we solved this issue:

  • Using the same Path and LDAP filter of the old UDC;
  • In Directory Entry Attributes, the Account Name as the same attribute used in claim with AAD (in our case, "mail");
  • And the User Identification attribute as "user" instead the default "inetOrgPerson";

QS June 2017, BTW.

jchoucq
Contributor II

Re: User Directory Connector with Azure AD

Hi Ennio,

great information thank you very much.

  • In Directory Entry Attributes, the Account Name as the same attribute used in claim with AAD (in our case, "mail");

In this sentence, what is "the same attribute used in claim with AAD" ? Are you talking about a property of the Qlik Sense Virtual Proxy or a property of your Azure AD ?

Best Regards.

Johann

ennioaoki
New Contributor II

Re: User Directory Connector with Azure AD

Sorry for delay, jchoucq‌. I don't know if still helps but is the property of AAD.

The Ldap-Display-Name from MSDN (or from this friendly version).

thomaslg_wq
Contributor III

Re: User Directory Connector with Azure AD

Hi Ennio,

How did you manage to import users in Qlik Sense, did you successfully create an UDC to Azure AD ?

I cannot make it work (QS Feb.2018, Azure AD over SSL port 636).

Thanks for this information !

Thomas

ennioaoki
New Contributor II

Re: User Directory Connector with Azure AD

Hi, Thomas.

Actually, we created a UDC to our on-premise AD (using Generic LDAP connection).

Then we just authenticate in AAD. The title of the thread was unfortunate, after all.

thomaslg_wq
Contributor III

Re: User Directory Connector with Azure AD

if anyone wants to create an Azure AD UDC : here attached is the "Generic LDAP UDC configuration".

So, you just have to change the User-Directory-Attribute "User identification" to "Person" and that's it

Resolution Ldap Azure.png

Regards,

Thomas