2 Replies Latest reply: Feb 14, 2018 9:27 AM by philippe kilian RSS

    Qlik Sense: authentication of external users who are not in the active directory

    philippe kilian

      Hello.

       

      We have just migrated our QlikView environment to QlikSense, and we have an issue with external users, i.e users who are not registered in our Active Directory and should have read-only access to our applications with data restrictions.

       

      Our QlikView applications were designed to be shared with our customers : people from other companies had a generic access to the Qlik View access point and they were granted access to specifics qvw files by Section Accesss.

       

      External users had to provide two credentials: the generic user/password to access the access point (which is the same for everyone and is declared in the active directory), and then a specific user/password that is defined in the section access of the qvw files.

       

      We intended to make the same in Qlik Sense: allow people from other companies to access the Qlik Sense hub with a generic account (a dedicated URL will be put in place), and then register in any way so that we can restrict their access to specific applications and data.

       

      Our problem is that these specific credentials are not registered in the active directory (the generic account only is registered), and we don't know how to manage them in QlikSense access point. We don't even know if managing user / password that are not declared in Active Directory is possible in the QS access point.

       

      So, is there a way to handle this kind of double authentication (generic "Active Directory" access with user/pwd to the hub, and specifics "Non Active Directory" accesses with user/pwd to the applications) in Qlik Sense, as we managed to do in QlikView? Or do we have to create a specific account for each of our customers in our active directory?

       

      All advices and remarks will be appreciated...

       

      Thanks .

        • Re: Qlik Sense: authentication of external users who are not in the active directory
          Levi Turner

          Well, it certainly sounds like you were violating the QlikView license agreement in the sense of the CAL assignment was based on the generic user whereas multiple users were sharing the same generic account's CAL assignment.

           

          As for Qlik Sense, there's nothing directly that will allow you to accomplish this.

           

          If you want to setup a custom authentication mechanism to validate outside of AD, then that would work.

           

          Otherwise, you can always create local accounts on the Windows OS and have them access Qlik Sense using ServerName\UserID.

            • Re: Qlik Sense: authentication of external users who are not in the active directory
              philippe kilian

              Hello Levi.

               

              Thank you for your answer.

               

              As you advice, we will create local accounts in our Active Directory for our first customers so that they can connect to our applications and give a quick feed-back.

              It will leave us time to implement a User Directory Connector, a Virtual proxy and security rules in order to handle the "external" connections.

               

              Well, it certainly sounds like you were violating the QlikView license agreement in the sense of the CAL assignment was based on the generic user whereas multiple users were sharing the same generic account's CAL assignment.

              Well, I don't administrate our QlikView environment but as far as I know, we bought a QV licence for each external user. I hope we don't violate any license agreement...