4 Replies Latest reply: Mar 30, 2012 12:06 PM by Matteo Garibaldi RSS

    Access Point permissions  with SSO

    Matteo Garibaldi


      we configured QlikView with SSO Siteminder. (DMS authorization and HTTP header login for Web Server). Now we would like to manage user permissions for viewing files on access point. Could we assign permissions to documents in Documents - User Documents - Authorization? Are recognizable Users from SiteMinder?

      Or have we to manage the distribution  - source document (publisher side) only after populating users through configurable ODBC?

      There are differences between the two cases?




        • Access Point permissions  with SSO
          Daniel Rozental

          Matteo, yes, you can use siteminder users on the authorization tab, you'd probably need to write it as CUSTOM\USER, depending on what you have configured in the webserver.


          If you can't figure it out just set a document to allow all authenticated users and then look at the licenses assignment for the correct syntax on usernames.


          Populating the users through ODBC will help you search and add those users without needing to type it, but it will still work if you do just type the names.

            • Access Point permissions  with SSO
              Matteo Garibaldi

              Thank you Daniel,

              just another question:

              what's the difference between using authorization on the user document and to put the authorization on the source document through a scheduled task created by publisher?

              The result obtained is always the same?


              Thank you and best regards,


                • Access Point permissions  with SSO
                  Gary Strader

                  The result is the same when you set authorization via Publisher (source document) or on Server (user document).


                  However the username is being passed through the header is how it should appear in the authorization list.  For example, we set up SSO for Salesforce.com, and the users were being passed in email address format, so user@company.com would appear in the DMS authorization list.  Same is true for section access entries.


                  If you don't want to manually configure every user's authorization, you can set authorization to "All Authenticated Users" and let your SSO process handle the authentication and the authorization.