Qlik Community

Suggest an Idea

Vote for your favorite Qlik product ideas and add your own suggestions.

Announcements
WE ARE LISTENING! New Navigation for Qlik Community, Sept. 26: TELL ME MORE

Access to a space based on an AD-Group

ift_isabelle
Partner - Creator III
Partner - Creator III

Access to a space based on an AD-Group

At the moment you have to give a person access to a space in Qlik Sense Saas.
But for large environments, with lots of users this is really time consuming to maintain.
I would like to give permission to use a space with the use of an AD-Group.

So example User A is part of the Finance department, the user can see the space Finance.
User B is Finance Business Analist and this user can see and create apps in the space Finance.
But User C who is part of the HR team cannot see or do anything in Finance.
They all have specific AD-Group assigned (e.g. in Azure) and I want to assign the access based on the groups instead of the person.

 

6 Comments
AlexOmetis
Partner - Specialist
Partner - Specialist

You can do this already if you set up your IdP to bring in groups and have QS SaaS recognise them.

However it's worth noting there are limitations to this -

1. Groups won't be seen by QS SaaS until someone in the group logs in.

2. Membership of a group will be evaluated at each login - no group membership is stored outside of the individual user session.

3. Users given access via a group won't be able to be added to Notes and some other features.

ift_isabelle
Partner - Creator III
Partner - Creator III

@AlexOmetis That limitation is do-able. Is there documentation on how to bring the groups to SaaS? And I only have the option to add members to a space, where can I select these groups?

AlexOmetis
Partner - Specialist
Partner - Specialist

If you're using Azure AD, the best guide is How To: Configure Qlik Sense Enterprise SaaS to us... - Qlik Community - 1704442

The only thing it doesn't cover I think is that in QS Management Console you need to go to Settings and enable group creation. 

ift_isabelle
Partner - Creator III
Partner - Creator III

@AlexOmetis Thank you very much! It looks like this is working!

jheasley
Luminary Alumni
Luminary Alumni

Sidenote and HUGE gap to this - Notes are not aware of users in groups.  so if a space is permissioned to a group, the users won't be taggable in notes until they are explicitly added to the space. 

AlexOmetis
Partner - Specialist
Partner - Specialist

@jheasley - yep, absolutely right. As I understand it, this is mostly because QS SaaS doesn't have a mechanism to track what groups a user is in except during an active session. Since it doesn't know who is in a group, it can't see if they should be able to be referenced in a Note or other things.

I see you've spotted the thread I commented on relating to this: Notes mentions working with AD-groups - Qlik Community - 1838950. Apparently something is "on the roadmap" relating to this - what that is, we'll have to wait and see!