How to Setup Multi-Factor Authentication (MFA) for Qlik Sense Business

Andre_Sostizzo · Oct 20, 2023 4:46:53 AM

Multi-factor authentication (MFA) is an extra layer of security to access Qlik Sense Business.

It:

Is Optional for Service Account Owner (SAO) with a paid Qlik Sense Business Subscription.
Is Optional for Invitees and Tenant Admins
Can be disabled at any time

If you require MFA to be mandatory, a Qlik Sense SaaS Enterprise subscription allows for the use of a third party IdP (Identity Provider), which provides you with additional control over authentication methods.

MFA is not supported in Qlik Sense on-premise installations. See Configuring security > Authentication.

Resolution:

Access to My Qlik Portal How to Access My Qlik Portal
Go to Password & Security
Click on Setup
Install a Multi Factor Authentication (MFA) on phone. There are several on the market, (Google Authenticator - LastPass Authenticator - Microsoft Authenticator and more)

Note: Using just a QR reader will not work, Only a MFA Authetication app will.
Scan the QR code with your MFA Authenticator
Proceeded to use the code created from MFA authenticator
You are given an important recovery link. The link is ONE time use - IMPORTANT - Save this code for recovery purposes *
You will see that the MFA is successfully set.

* If you see yourself the need to use the MFA Recovery code, Note that a new one will be generated. Please save the last one generated.
If in the future MFA needs to be disabled, navigate to the same screen and click "Remove"...
Click "Yes, remove"

FAQ

Q - What happens if SAO is MFA locked out due to (Change of device or lost)?
A - SAO Can use the Recovery Code generated in setting up the MFA.

Q - What happens if SAO looses the MFA Recovery link or does not save the new generated one.
A - Please contact Qlik Customer Support to reset MFA How to create a case

Q - Can a user setup MFA without a mobile?
A - Yes, there are desktop options fro Google authenticator.

Related content:

SAML configuration with Okta (Qlik Help)
Qlik Sense SAML: Okta Configuration (YouTube)

Notwo · ‎2021-05-06

When will you make it possible to enforce Multi-Factor Authentication for all users in my Qlik Sense account? The security governance of MFA is very weak if it is up to the individual business user to enable MFA on their account as an optional feature. Like all our other SaaS services we would require to have MFA enforced account-wide by the admin.

Alternatively if you would include standard SSO options like Google Workspace to the Qlik Sense Business SaaS to re-use their MFA that comes with the SSO.

Sonja_Bauernfeind · ‎2021-05-06

Hello @Notwo !

Thank you for your feedback and for voicing your interest in further development and improvements. It's a great idea and I would highly recommend you post it over on our ideas forum to give that feedback directly to our product teams.

Please feel free to @ me once you do as I want to cast my vote on it!

All the best,

Sonja

Notwo · ‎2021-05-06

Thank you @Sonja_Bauernfeind . I have create an idea https://community.qlik.com/t5/Suggest-an-Idea/Enforced-MFA-and-or-Google-SSO-for-Qlik-Sense-Business...

Sonja_Bauernfeind · ‎2021-05-06

Voted! Thanks, @Notwo

WayneH · ‎2023-10-03

How has this not been enabled yet as a forced item. Where every user must select to do this them selves. This needs to have the option to be enforced at a global level.

Its 2023, the security threats have moved on, MFA is no longer "optional"

retretrt · ‎2023-10-06

need also this urgently

Sonja_Bauernfeind · ‎2023-10-06

Hello @retretrt @WayneH

Please vote for the existing idea in our ideation platform which is currently gathering feedback. Enforced MFA and/or Google SSO for Qlik Sense Business SaaS

If you are unable to access the above link, please go to the ideation platform first, where you will be logged in. You can click the link above afterwards.

For Qlik Cloud (Enterprise), I recommend reviewing the option to rely on your own IdP, rather than the Qlik ID and optional MFA.

All the best,
Sonja

retretrt · ‎2023-10-06

hi, i have but it has only received 10 votes. Security is seen as a basic minimum requirement and not something that can be "voted on". We will re-evaluate our license with qlik as enforcing security and privacy in 2023 is just something any company cannot survive without

Sonja_Bauernfeind · ‎2023-10-06

Hello @retretrt I'm forwarding the information to our product team; though please keep an eye on the idea as this is where you will see movement when it has been reviewed.

All the best,
Sonja

Daniele_Purrone · ‎2023-10-06

Hi @retretrt ,

judging by your email address, I would say (correct me if I'm wrong) that your customer account has a Qlik Sense Enterprise SaaS subscription, which means that you can setup your own IdP and enforce MFA on all of your users.

That's one of the benefits of having a Enterprise subscription as opposed to Qlik Sense Business, which is not an enterprise offering.

We cannot enforce MFA on QlikId accounts, as those can be used across different tenants (and companies) and even just in order to reach out to support in case of need. That's why we leave it to the single users to decide whether to implement it or not, when using QlikID.
As said, however, you should be free to use any Identity Provider of your choosing and set up the security level that suits your company.

Please, let us know if you have questions about it.

How to Setup Multi-Factor Authentication (MFA) for Qlik Sense Business