We have recently worked with a third party to somewhat successfully implement a single sign-on solution for outside users of the organization. I say successful because we can see the user successfully come into the Access Point via the web (their user ID passed from their company shows up in the top right) but I am unable to assign the correct document licenses and permissions. How do I add a user that is located in none of the directories attached to Qlik?
Do you have publisher? If so you will need to build a directory connectors to the source of your users. If you don't have publisher you can add them build them under User Documents. To have the Authorization tab show up, you have to set QVS for DMS mode. Then you can add the users at the bottom.
I've tried exactly that, entered the users Login ID (as it is being passed through from their system) without the domain. For example ACMECorp\jdoe just comes through the SAML as "jdoe" in the top right in Qlik AccessPoint as the user. Therefore, I thought just doing what you said, adding jdoe manually to the bottom would work, it did NOT.
We DO NOT have publisher. is it possible that the system is looking for joe in a directory connector somewhere but unable to find?
Any other tips on why it might not be working? We have DMS enabled and authorisation tab setup exactly as you have shown in your screenshot.
We currently have the authentication set to NTLM. If we change to Header how do we deal with the fact that our company users could be coming in from multiple different domains? A little unique of a setup but I assume the approach you are outlining assumes everyone is coming in from ACMECorp (which is not the case). Any ideas?