2 Replies. Latest reply: Sep 15, 2017 9:58 AM by Lauri Scharf

    Log out of Sense (after SAML login)

    Lauri Scharf

      Our users will log into Qlik Sense (version: June 2017) via Okta SSO. In testing it, it appears that the only way to log out is to close the browser completely. Since I can't count on users to do so, is there a way to log out the user completely when he clicks the logout button under his username in the Hub?

      Put another way, does Sense support SAML SLO (Single Log Out)?

       

      Message was edited by: Lauri Scharf

        • Re: Log out of Sense (after SAML login)
          Lauri Scharf

          Sense does not currently support SAML SLO. It is a known enhancement request.

          As a workaround, I am experimenting with Okta's multi-factor feature. Initial testing is promising. I set Okta to require a 2nd factor at every login (this is the most stringent option).

          Other discussions here point to an API solution.

            • Re: Log out of Sense (after SAML login)
              Lauri Scharf

              To close this thread, we have successfully implemented 2nd factor authentication in Okta. We set Okta to require it at every login, which forces the browser to redirect to Okta when the user logs out and also when the session times out (based on the session timeout setting in the QMC).

              I strongly encourage Qlik to add SAML SLO to Sense! It's a bit goofy to have implemented SAML SSO without SLO. You let users securely log in but not out... for organizations like us, with sensitive data, this is a show-stopper. Thankfully Okta provides a workaround.