If you want to use single sign on with Qlik Sense there are a number of ways to implement. In addition, you can implement and use the AD user directory connection to look up users when they log in through a virtual proxy to use the specified user directory name.
Some videos for you to watch:
https://www.youtube.com/watch?v=vkCh_t1nd40 -Qlik Sense Security Overview
Qlik Sense SAML with Active Directory Federation Services: Qlik Sense SAML: ADFS Integration Part One of Three
Qlik Sense SAML with Okta: Qlik Sense SAML: Okta Configuration (Deprecated)
Thank you so much for your time and suggestions,
Sorry to say but i can not open the videos here.
1. All the user's are coming from an AD server, I have bough in all the user's using user directory connector.
2. The machine on which they will be opening the qliksense browser is in the same domain.
3. Inst ed of logging in again and again by providing their credentials, they just want to open the browser and login directly, as they are i same domain (SSO).
4. How to implement the above.?
Waiting for your suggestion.
1. Ad is on a different machine on a different server in a different environment.
2. Qliksense is installed in AWS.
3. I bough in all the users in qliksense.
4. now what they want is.
As they login in to their machine using their credentials,and open the link which has been provided to them for opening qliksense hub,
It should not ask for login ID and PWD.
when they have already performed a windows authentication.
The Qlik Sense server will allow Windows Auth pass through from the browser "if" the Qlik Sense server is on a trusted domain of the active directory. If the Qlik Sense server is not a member of the domain, then the domain users will not be able to log in using their domain credentials.
Importing user information into Qlik Sense is not for authentication purposes, it's for authorization. Qlik Sense does not perform identity verification.
1. To use windows authentication of domain accounts with a Qlik Sense server the Qlik Sense server needs to be a member of a trusted domain the Active Directory storing the users is aware of.
2. Importing user information into Qlik Sense using UDC does not equate to authentication. Qlik Sense does not store passwords nor does it ever ask for one.
3. If the Qlik Sense server is a member of an AD trusted domain, then it is possible to use windows authentication with domain accounts. To get pass through auth to work properly, the browser needs to be set to automatically pass credentials. To make this change you need to go into the internet properties of the browser, click on the security tab and choose custom level. At the bottom of the screen is a user authentication radio dialog. By default for many of the zones is the selection option Automatic logon with current user name and password. You may have to set the Internet zone (shown) to the same because the Qlik Sense server is on AWS. But this does not matter if #1 is not satisfied.
Also worth noting that you can add sites to the Trusted Sites list via Group Policy - I used the second method on this page to do that: https://blog.thesysadmins.co.uk/group-policy-internet-explorer-security-zones.html. Otherwise users have to do it manually (in some cases, they don't have access to those settings).
We are having a similar setup
1) QlikSense installed in AWS
2) LDAP is on installed on different server different domain.
We have installed the LDAP Certificate in AWS where qliksense installed and pulled all users using UDC.
But we are facing issue during authentication itself. Can you please let me know is there any pre-requiste on AWS, QlikSense and LDAP Side. So that we can proceed further.
Krishna Kumar S