Qlik Community

QlikView Administration

Discussion Board for collaboration on QlikView Management.

Announcements
Now Live: Qlik Sense SaaS Simplified Authoring – Analytics Creation for Everyone: READ DETAILS
cancel
Showing results for 
Search instead for 
Did you mean: 
matteoacn
Contributor III
Contributor III

Access Point permissions with SSO

HI,

we configured QlikView with SSO Siteminder. (DMS authorization and HTTP header login for Web Server). Now we would like to manage user permissions for viewing files on access point. Could we assign permissions to documents in Documents - User Documents - Authorization? Are recognizable Users from SiteMinder?

Or have we to manage the distribution  - source document (publisher side) only after populating users through configurable ODBC?

There are differences between the two cases?

Matteo


4 Replies
danielrozental
Master II
Master II

Matteo, yes, you can use siteminder users on the authorization tab, you'd probably need to write it as CUSTOM\USER, depending on what you have configured in the webserver.

If you can't figure it out just set a document to allow all authenticated users and then look at the licenses assignment for the correct syntax on usernames.

Populating the users through ODBC will help you search and add those users without needing to type it, but it will still work if you do just type the names.

matteoacn
Contributor III
Contributor III
Author

Thank you Daniel,

just another question:

what's the difference between using authorization on the user document and to put the authorization on the source document through a scheduled task created by publisher?

The result obtained is always the same?

Thank you and best regards,

Matteo

garystrader
Partner - Creator III
Partner - Creator III

The result is the same when you set authorization via Publisher (source document) or on Server (user document).

However the username is being passed through the header is how it should appear in the authorization list.  For example, we set up SSO for Salesforce.com, and the users were being passed in email address format, so user@company.com would appear in the DMS authorization list.  Same is true for section access entries.

If you don't want to manually configure every user's authorization, you can set authorization to "All Authenticated Users" and let your SSO process handle the authentication and the authorization.

matteoacn
Contributor III
Contributor III
Author

With the configurable ODBC only advantage is to have the possibility to manage groups and view users name? Beacuse the user document authentication seems faster and easier .