Qlik Community

Security & Governance

Discussion board where members can learn more about Qlik Sense deployments which are governed and self-service.

Announcements
Now Live: Qlik Sense SaaS Simplified Authoring – Analytics Creation for Everyone: READ DETAILS
cancel
Showing results for 
Search instead for 
Did you mean: 
V_Marco
Contributor
Contributor

LDAPS Config

Hello,

We have a Qliksense Server on AWS that is not in Domain.

Now we need to set up UDC with LDAPS but, for customer policy, we can't have a service user in AD with fixed password: every month password change.

Are there any alternative? Qlik services runs with local administrator that haven't access to LDAPS.

 

Thanks.

Labels (2)
2 Replies
rohitk1609
Master
Master

You can create a local administrator and install Qlik Sense with it.

Qlik_Administrator_Dude
Partner - Contributor III
Partner - Contributor III

Hello, 
Rohit1609 is correct from a Qlik Stand Point. You can simply have the Qlik Service Account be a Local Admin. You may have to get specific with your Shared Persistence Files, but it shouldn't be too much of a lift. 

These types of requirements come up time to time with MSSQL. I have used Windows Group Managed Service Accounts to solve this problem. Here is a link: 

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-manage... 

Basically, you never have to worry about a password with a service account if you use the Group Managed Service Accounts. Here is a small excerpt from the link: 
"A standalone Managed Service Account (sMSA) is a managed domain account that provides automatic password management, simplified service principal name (SPN) management and the ability to delegate the management to other administrators."