Authentication methods
Authentication is often used in conjunction with a single sign-on (SSO) system that supplies a reverse proxy or filter for authentication of the user.
Do the following:
-
Select Virtual proxies on the QMC start page or from the Start drop-down menu to display the overview.
- Select the virtual proxy that handles the authentication and click Edit.
-
In the Authentication property group, make the necessary selections.
Depending on what authentication method you select, there are different additional fields.
- No anonymous user
-
Allow anonymous user
- Always anonymous user
- Ticket: a ticket is used for authentication.
- Header authentication static user directory: allows static header authentication, where the user directory is set in the QMC.
- Header authentication dynamic user directory: allows dynamic header authentication, where the user directory is fetched from the header.
- SAML: SAML2 is used for authentication.
-
Click Apply to save your changes. If a mandatory field is empty, Apply is disabled.
Successfully updated is displayed at the bottom of the page.
The Authentication property group contains the authentication method properties for the virtual proxies in the Qlik Sense system.
Property | Description | Default value |
---|---|---|
Anonymous access mode |
How to handle anonymous access: |
No anonymous user |
Authentication method |
|
Ticket |
Header authentication header name |
The name of the HTTP header that identifies users, when header authentication is allowed. Mandatory if you allow header authentication (by selecting either Header authentication static user directory or Header authentication dynamic user directory for the Authentication method property). Information noteHeader authentication only supports US-ASCII (UTF-8 is not supported).
|
Blank |
Header authentication static user directory |
The name of the user directory where additional information can be fetched for header authenticated users. Mandatory if you allow static header authentication (by selecting Header authentication static user directory for the Authentication method property). |
Blank |
Header authentication dynamic user directory |
Mandatory if you allow dynamic header authentication (by selecting Header authentication dynamic user directory for the Authentication method property). The pattern you supply must contain ‘$ud’, ‘$id’ and a way to separate them. Example setting and matching header: $ud\\$id – matches USERDIRECTORY\userid (backslashes must be escaped with an additional \) $id@$ud – matches userid@USERDIRECTORY ($id and $ud can be in any order) $ud:::$id – matches USERDIRECTORY:::userid |
Blank |
Windows authentication pattern | The chosen authentication pattern for logging in. | Windows |
Authentication module redirect URI | When using an external authentication module, the clients are redirected to this URI for authentication. | Blank (default module, that is Windows authentication Kerberos/NTLM) |
SAML host URI |
The server name that is exposed to the client. This name is used by the client for accessing Qlik services, such as the QMC. The server name does not have to be the same as the machine name, but in most cases it is. You can use either http:// or https:// in the URI. To be able to use http://, you must select Allow HTTP on the edit page of the proxy that the virtual proxy is linked to. Mandatory if you allow SAML authentication (by selecting SAML for the Authentication method property). |
Blank |
SAML entity ID |
ID to identify the service provider. The ID must be unique. Mandatory if you allow SAML authentication (by selecting SAML for the Authentication method property). |
Blank |
SAML metadata IdP |
The metadata from the IdP is used to configure the service provider, and is essential for the SAML authentication to work. A common way of obtaining the metadata is to download it from the IdP website. Click the browse button and open the IdP metadata .xml file for upload. To avoid errors, you can click View content and verify that the file has the correct content and format. The configuration is incomplete without metadata. |
|
SAML attribute for user ID |
The SAML attribute name for the attribute describing the user ID.Name or friendly name can be used to identify the attribute. |
Blank |
SAML attribute for user directory |
The SAML attribute name for the attribute describing the user directory. Name or friendly name can be used to identify the attribute.If the name value is enclosed in brackets, that value is used as a constant attribute value: [example] gives the constant attribute value 'example'. |
Blank
|
SAML attribute mapping | Click Add new attribute to map SAML attributes to Qlik Sense attributes, and define if these are to be required by selecting Mandatory. Name or friendly name can be used to identify the attribute.If the name value is enclosed in brackets, that value is used as a constant attribute value: [example] gives the constant attribute value 'example'. |
You have set the authentication method.
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!