Solved: Qlikview log on question - Qlik Community

bobbydave · ‎2018-06-18

Last week, we had a major issue with group policy. The entire company was locked out of Qlikview web view.

Users would click a link http://servername/qlikview and would have to provide a single sign on and password to log in.

The server architects reversed the group policy and this resolved the issue.

However, they have told me that instead of using a single sign on, we could set up something that recognises the user on the browser (like a company homepage, where it picks up the users windows profile username and windows password and they now can see their company's homepage whereas a guest of the company would be restricted) and then log them automatically in.

How does everyone's clients sign into their company's Qlikview web front browser and would they recommend what we have been suggested?

marcus_sommer · ‎2018-06-18

AFAIK using single-sign-on is quite common with a lot of tools and it's not considered as a problematic measure with special security risks. If your company (IT) is insecure that the right person could make a windows-login on a certain machine/system then it is a different matter and preventing of SSO to Qlik is working on the effects and not on the cause.

Beside this I think only the classical way of SSO could serve SSO and all attempts to create similar working workarounds will fail or create more security risks then before.

Beside this you could of course implement a classical login and in extending the thought even implementing an additionally section access so that a second (maybe different) authentication happens.

- Marcus

View solution in original post

marcus_sommer · ‎2018-06-18

AFAIK using single-sign-on is quite common with a lot of tools and it's not considered as a problematic measure with special security risks. If your company (IT) is insecure that the right person could make a windows-login on a certain machine/system then it is a different matter and preventing of SSO to Qlik is working on the effects and not on the cause.

Beside this I think only the classical way of SSO could serve SSO and all attempts to create similar working workarounds will fail or create more security risks then before.

Beside this you could of course implement a classical login and in extending the thought even implementing an additionally section access so that a second (maybe different) authentication happens.

- Marcus

bobbydave · ‎2018-06-18

Hi Marcus,

Thanks for the advice.

The company is quite secure. Its just not something i had considered. We already have our Homepage for the company launching with the users credentials. I just never thought of using this method.

Currently, we have Active Directory groups that for certain departments so only those departments see their own department apps and even within this, they have section access to further drill down what access they have on such apps.

I just never thought of the windows login authentication once IE launches and it would open the Qlikview page for the user automatically, rather than use their SSO login. In essence, it is the same log on details so essentially, it would eliminate the SSO (which is their windows log on details - same log on details).

You have more or less answered my question. I think it is now a good idea. We already have some company webpages that are already doing this.

Anyone think its a bad idea though?