We have a service account that performs API calls to Qlik Enterprise Manager. The service account uses username/password. When we switched to SAML authentication, our service account can no longer make API calls.
Idea:
Can we have the service account bypass SAML and be able to make API calls using username/password? This is critical for our deployment process and automation.
Can we also have API call samples using Postman/Python once the feature is implemented?
We have the same need in our company. All users have to be SSO authenticated with SAML at QR/QEM, but we had to stand up a duplicated set of QEM servers with Windows auth only to allow automation tools/scripts to authenticate at QEM APIs using a service account.
So for me, instead of using a bypass to allow user/pwd auth, I'd rather prefer to have QEM allowing different authentication methods on the same server, using different ports for each authentication method, for example all users on 443 with SAML, API-only accounts on 8443 with Windows auth, client_ID/Secrets or even OAuth access tokens.
Perhaps we could use the roles/permissions association in QEM to define the auth method, and manage API client_ID/Secrets or OAuth access tokens.
We have similar findings and requirements in our organization. As per the PCI requirement, we need MFA authentication support for API. This is also going to be a mandatory approach / need to satisfy PCI (Payment Card Industry) standards from 2023.