need your help in setting up a environment for Qlik dashboards users.
Internal Users in the LDAP are able to access the dashboard through internet.
They are logging in through a portal and Authentication is setup at Header (IBM Web seal SSO) in QlikView server . Users can able to access the dashboards without any hassle.
Authentication is through Header (SSO)
Authorization is NTFS (LDAP)
Now the requirement is as follows:
External users who are not part of the (LDAP network ) to be provided access to the dashboard.
Could you please help us in the new requirement .
I've made a similar setup with IBM TAM previously.
User authenticates on TAM, it gives some header to QVWS, Header-Authentification is turned on.
You have to provide some access to WebSeal, so the user can come past TAM to the particular Access Point.
So I would say, the easiest way to solve your problem is to add external users to LDAP.
Maybe you can use a special group that has less permissions on systems, but also authorized to access your junction
Thanks for your suggestion for adding External users to LDAP.
if we cannot add it to the existing LDAP is there any way possible?
Suppose if External users are in a particular LDAP, can we configure this LDAP in parallel to the existing LDAP..
Can Qlikview DSC work with Two LDAPS? Whether it will search for users from two LDAPS while authetication?
DSC supports multiple connections for each protocol, also you can use a custom directory for authenticating on QV. Your problem could be to enter multiple LDAP groups in junction configuration.
Thank you . My question is If I add custom directory for External Users to the current setup, then the external users will need to be provided Qlik Passwords and the SSO will not be applicable for them?
The existing users can access the dashboards with SSO as their names are from LDAP?
Can you please clarify .
If you are using Header and SSO you will either have to add another Webserver and use custom users or add them to the new Webservers local directory.
if you use a custom directory for your external users, you have to provide them a password. Also it could be a problem for TAM to get the ACL, because you're using a local ACL, only QVS know about. If you don't change anything on the existing setup (keep LDAP authentication on WebSeal, and Header Authentication on QVWS) existing users won't experience any changes.
In my particular setup we used an LDAP group to authenticate on junction, AD groups to manage access rights to particular apps and again (other) LDAP groups to manage section access within the app. Yes, a bit complicated, but it was a policy of our IT-Sec guys.
Hi Bill/Gregor thank you for your suggestions.
If i use two webserver can you please clarify on the below point.
1. Two webservers will be in different mahines ( one for each server).?
2. Two Webservers are configured to single QV server. So only one accesspoint. right?
Ashok Kumar J