3 Replies Latest reply: May 9, 2014 5:36 AM by Peter Cammaert RSS

    QlikView login access for internal and external users

    Gaurav Khare

      Hello Experts,

       

       

      Need your help and guidance. For providing access to the end users over the internet through 'Access point' I have the following queries-

       

      Scenario: if the users belong to my client, they access qlikview dashboards without providing their login credentials-username and password

      while, if the users DOES NOT belong to my client(external users) who want to see dashboards, should login through Login page by entering their credentials- username and password

       

      To explain the above in a better way let me give you an example: Lets say that I work for Google. Now there are qlikview dashboards which Internal users(Google employees) access and they don't have to provide their login credentials- username and password and they just click on the URL and are able to see their reports

       

      Now, let us say that Google has a partner called Yahoo. Now Yahoo users also want to access Google dashboards.

      So, my query is that will the external users(in this case it's Yahoo) also need to enter their login credentials- username and password.?

      Currently we have two directories, one being INT for internal and EXT for external users.

      Can we have 2 Active directories(INT and EXT) reside on the same QV server?

       

       

      My query- Can you please suggests a possible way whereby I can configure the above mentioned possibilities

      basically we want to embed the above mentioned 2 scenarios at the same place.

      Now the client has Active directories for internal as well as external users. So, how to configure these two ADs on the QlikView Server?

       

        • Re: QlikView login access for internal and external users
          Peter Cammaert

          Configure both directories in exactly the same way (you can configure multiple Active Directories in QMC, e.g. for different domains in a forest). If users always visit your QlikView server from inside a Windows network, they will be recognized in any case (SSO), whether they are authrnticated in domain X, or Y, or Q or whatever you defined in QMC.

           

          If users from your Yahoo domain visit from outside the company network, there is no previous authentication phase and they will be presented with a login page in any case (by Windows, or your web server or whatever service/tool you plan to use)

           

          AD authentication doesn't travel well over the internet...

            • Re: QlikView login access for internal and external users
              Gaurav Khare

              Hi Peter,

               

              Thanks for your valuable inputs. Now my query on top of it is

               

              As per my understanding in QV server there are two options

              1) is default login 

              2) is through web form

              but we can set up only one option at a time,

              Case 1: In QV Server if we set default login page, then how to configure it for external user?

              Case 2: In QV server if we setup web form, it always display the login page but IN MY CASE this login page is not required for internal users.

              So pls guide me on how to setup/configure the above.

                • Re: QlikView login access for internal and external users
                  Peter Cammaert

                  If you keep user authentication outside of QV (where it belongs, outside) you can let Windows take care of identifying an unknown user. Whenever someone tries to access an AD resource without prior authentication, a login dialog will popup. Most browsers know how to handle this kind of "mandatory login". An external user authenticates using his/her AD credentials (EXTERNAL domain. Note that both AD domains do need a Trust-relationship, and QVS server resources like the QlikView AP must be available to users from both domains) and once properly verified, can get through to the AP via SSO.

                   

                  You're lucky that both groups of users are defined in an AD directory. Makes things alot simpler.

                   

                  If you want to use the default QVS login page, it should work more or less the same. A web form will always be displayed, whether a user has already been authenticated (and can get in automatically through SSO) or not.