Skip to main content Skip to complementary content
Qlik Resources

Administration

Syncing users from Qlik Sense

To simplify user setup, Qlik Alerting syncs users from the linked Qlik Sense installation during the initial registration process. Qlik Alerting also periodically scans the Qlik Sense user list, user licenses, and license details to remain in sync. This scan occurs every 30 minutes on completion of the previous check.

The sync process works in batches and may take a few minutes if you have a large number of users.

A Qlik Alerting admin user can also manually activate the sync process.

Do the following:

  1. Navigate to Admin > User Management > Users.

    Information note You must be logged in as an administrator to view this menu.
  2. Click Sync with Qlik at the top right of the table.
Information noteThis process may take a number of minutes as it schedules within the next minute and then processes the two phases as per the initial and periodic sync process.

Qlik Alerting licensing

Qlik Alerting has a site-based license that will read the license details from Qlik Sense which should have the Qlik Alerting attributes as part of the license details. If you have purchased Qlik Alerting recently and this is your first install please ensure your Qlik Sense site has been updated with the revised license details as this is a prerequisite for installing.

Access privileges in Qlik Alerting are governed by the user's licensed access to Qlik Sense. The table below outlines how licenses in Qlik Sense translate to Qlik Alerting access.

Qlik Alerting licenses
Qlik license type Qlik Alerting access and defaults

Professional
  • User can create their own alerts and distribute to groups or individuals (through Broadcast and Managed Shared alerts).
  • Can receive any distributed alert from other users.
  • Default setup will allow advanced features such as distribution to others and share alerts but these privileges can be removed by an Admin.
  • Default setup will not allow system alerts or broadcast notifications but these permissions can be switched on by the admin for specific users through the privileges area.
Analyzer
  • Standard user who can create their own alerts but is not able to distribute to groups or individuals.
  • Can receive any distributed alert from other users.
  • Will not be allowed access to any additional privileges.
Capacity Analyzer Recipient by email only, no access to web portal nor mobile app.
No license access Recipient by email only, no access to web portal nor mobile app.
Information noteIf a user has been assigned both a Professional and Analyzer license, their experience from session to session might not be consistent. For example, sometimes, they might only receive the Qlik Alerting access associated with the Analyzer license type. To resolve this issue, consider removing the Analyzer license from a user.

Equivalent privileges for alternative Qlik Sense license models

  • Token-based license sites will treat anyone with User Access pass or Login Access Pass as an equivalent to a Professional license.
  • Core-based license sites will treat all users as an equivalent to a Professional license.

Filter users from Qlik Sense

You can limit the list of users that are synced across from Qlik Sense by adding a query string in the data source configuration. To understand how you are going to query the user list you can look at filters in the Qlik Management Console. Users table area as the filter query will behave in the same way as these column level filters.

Supported fields and related operators

Qlik Alerting user sync filter fields and operators
Field name field identifier for query Supported operators
User directory userDirectory

eq, ne, so

User Id userId

eq, ne, so
Name name

eq, ne, so
Admin roles roles eq,
Tags tags.name eq, so
Custom properties customProperties.value eq, so
Created createdDate gt, lt
Last Modified modifiedDate gt, lt

Supported operators

  • eq : equal
  • ne : not equal
  • so : substring of
  • gt : greater than
  • lt : less than

Combine queries with

  • and
  • or

Example queries

The following queries are examples that show how to construct both simple and more complex filter strings:

  • Filter users by a single user directory.

    userDirectory eq 'exampleCompanyDomain'

  • Filter users by a tag name.
    tags.name eq 'exampleTagName'

  • Filter users by user directory and user id (for example where a user id is repeated across multiple domains and you just want to allow a few select users for testing).
    userDirectory eq 'exampleCompanyDomain' and (userId eq 'exampleUser1' or userId eq 'exampleUser2')

  • Filter users by user directory with additional users from other user directories identified with a tag.
    userDirectory eq 'exampleCompanyDomain' or tags.name so 'exampleTagName'

  • Filter users using a custom property value that is assigned to each user.
    customProperties.value eq 'exampleCustomPropertyName'

  • Filter users by a user directory and only those whom have been created since 2020-01-01
    userDirectory eq 'exampleCompanyDomain' and createdDate gt '2020-01-01'

Points to consider:

  • Values should be entered in single quotes.
  • Filter values are case insensitive.
  • Be sure to check which operators are relevant for each filter field, using an unsupported approach may provide unexpected results.

Assigning administrator rights to a user

You will need to always have at least one administrator user at any one time. There is no limit on how many administrator users you can assign.

Do the following:

  1. Navigate to Admin > User Management > Users.
  2. Use the search object to find the user you wish to make an administrator and highlight that row.
  3. Click on the ... button and select edit.
  4. Change the user / administrator radio selection to administrator.
  5. Click Save.

Assigning user roles

There are two different types of user roles in Qlik Alerting: user and administrator. An administrator will have access to all functionality to be able to manage all aspects of the Qlik Alerting site.

Assigning user privileges

Professional level users can be given additional functionality through the assignment of user privileges. Only professional level users will be shown in the assigner user lists for privileges as other users cannot be assigned additional privileges. Administrator role users are also excluded from this list as they have access to all privileges as part of their user role.

The following user privileges are available:

User privilege categories
User privilege Description
System Alerts Allows a professional Qlik Sense licensed user access to system alerts functionality to create and receive system alert notifications.
Distribution Setting Allows a professional Qlik Sense licensed user access to create broadcast and managed shared alerts which are sent to users with either a standard or a broadcast license.
Broadcast Notification Allows a professional Qlik Sense licensed user access to create and manage broadcast notifications. These are manually created notification messages that can be sent to a user group.
Share Alerts Allows a professional Qlik Sense licensed user to be able to share alert records they have created with other named professional or analyzer licensed users who are enabled in Qlik Alerting. This functionality makes a copy of the alert record that the recipient will take ownership of when they accept.

Steps to assign a user privilege

Do the following:

  1. Navigate to Admin > User Management > User Privileges. (You will need to be logged in as an administrator to view this menu.)

    You will see a table that identifies the user privilege types available with a count to help you see what has been assigned.

  2. Click the edit link of the user privilege type to which you wish to assign users.

    The next page will show you two lists of users, on the left those who have not been assigned this privilege and on the right those who are already assigned.

  3. Select those users you wish to move, use the search to find users easily.
  4. Click the direction arrows to move them from one list to the other.
  5. Click Update.

Enabling access for a user

A user will automatically be enabled to use Qlik Alerting based on their license allocation rights in Qlik Sense. You can disable their access as identified below. However, any user who wishes to create and/or to receive an alert will require an email address to be stored against their user record in Qlik Alerting. The email can come from one of two sources; the Qlik Sense user sync if the email address is an attribute stored against the user in Qlik Sense (i.e. it comes from the user directory connector) or the email can be entered and saved directly in Qlik Alerting.

Information noteFor a user to receive alerts on their mobile device they will need to create a password for Qlik Alerting and email is required for this step.

To enter a user's email address do the following:

  1. Navigate to Admin > User Management > Users (you will need to be logged in as an administrator in Qlik Alerting to see this page).
  2. Search for the user you wish to add an email for.
  3. Click on the ... menu on the user and select Edit.
  4. Enter the email address in the Email ID field.
  5. Click Save.

The user should now be able to receive email notifications, if they have an appropriate license in Qlik Sense, and can request to set their password from the Qlik Alerting login page.

Send a password reset email to a user

An administrator can trigger an email to a user to allow them to set/reset their password from that email link. Do the following:

  1. Navigate to Admin > User Management > Users (you will need to be logged in as an administrator in Qlik Alerting to see this page).
  2. Find the user to send a password set/reset email to.
  3. Click on the ... menu and select Reset password and confirm.

Multiple users can be selected to set/reset their passwords using the Reset password button at the top of the table.

Information noteThe password reset email that is sent has a one time use token that is active for 30 minutes. If the link is not accessed within 30 minutes, the password reset must be requested again, or you must select the forgot password option.

Disabling access for a user

Disable the user in the Admin > User Management > Users area. Click the enabled switch against the user to turn off the users access.

Information noteIf the user has an Administrator role assigned, they will still be able to log in if they do not have a Qlik Sense named license but they will not receive triggered alerts. Other users will not be able to log on if they do not have a license in Qlik Sense.

Using trusted SSL certificates with Qlik Alerting

The Qlik Alerting install ships with a default self-signed certificate to secure the connection between the desktop of the user and the hosted application. This is a secure approach that enables HTTPS connections but will result in error messages in browsers, such as “The site’s security certificate is not trusted” (Chrome) or “This Connection is Untrusted” (Firefox).

This also has an effect on the way the Qlik Alerting Extension will work in Qlik Sense as this can cause cross-domain errors which require the user to click on a message that allows the browser to ‘run unsafe scripts’ (not an optimal user experience).

Steps to add a trusted SSL certificate for Qlik Alerting

Do the following:

  1. Access the Qlik Alerting server via remote desktop.
  2. Navigate to the C:\Program Files\Qlik Alerting\config\certificates folder.
  3. Backup the server.pem and server_key.pem certificate files, so you can rollback the change if necessary.
    Information noteIf you have been using a previous version of Qlik Alerting or Ping Alerting and have client.pem and client_key.pem certificates, you can simply rename them. Replace client with server.
    Information notePass phrases for SSL certificates are not supported at this time.
  4. Replace the certificate files with your equivalent server.pem and server_key.pem certificate files.
  5. Restart the Qlik Alerting Gateway service.

Additional steps to add SSL for Android devices

The Android OS does not always fully recognize the SSL certificate for use by the Qlik Alerting mobile app.

Do the following:

  1. Access the Qlik Alerting server via remote desktop.
  2. Navigate to the C:\Program Files\Qlik Alerting\config\certificates folder.
  3. Add the *CA.crt file for your SSL certificate, you will need to rename the file to be CA.crt so remove any additional naming on the file itself.
  4. Restart the Qlik Alerting Gateway service.

Managing HSTS settings for an SSL connection

By default Qlik Alerting is set as securely as possible and we have HSTS headers enabled. This means that if you have connected to the site as HTTP or HTTPS you will be forced to connect (by the browser) as HTTPS the next time you connect. This has caused some issues with connections from the extension and mobile app where the environments are not fully secured with 3rd party trusted certificates. The HstsMaxAge setting can be managed to disable this behaviour, follow the steps below.

Do the following:

  1. Access the Qlik Alerting server via remote desktop.
  2. Navigate to the C:\Program Files\Qlik Alerting\config folder.
  3. Update the default.json file to include the following hstsMaxAge object before the gateway object: 
    {
    "hstsMaxAge": 31536000,
	"gateway": {
        "ip": "localhost",
        "httpPort": 4551,
        "httpsPort": 4552,
        "https": true
     },
     ...
  4. If you have added other custom configuration changes (such as a connection to an external MongoDB instance) you may have multiple other attributes above the gateway object.
  5. Restart theQlik Alerting Gateway service to pick up the new settings.

Additional security configuration options

Additional configuration options are available for organizations who wish to manage security tightly or wish to be specific about which security features to apply:

  • Allow or block HTTP access.
  • Allow or block TLS 1.2 (default), TLS 1.1, or TLS 1.0.
  • Add additional security headers to manage CORS access and other security restrictions.

To access these settings do the following:

  1. Access the Qlik Alerting server via remote desktop.
  2. Navigate to the C:\Program Files\Qlik Alerting\config folder.
  3. Update the default.json file to include the required object and key:value settings before the gateway object: 
    {
	"allowInsecure": {					
		"http": false,
    	"TLSv1": false,
    	"TLSv1_1": false,
    	"TLSv1_2": true
	},
    "customHeaders": {},
	"gateway": {
        "ip": "localhost",
        "httpPort": 4551,
        "httpsPort": 4552,
        "https": true
    },
    ...
  4. If you have added other custom configuration changes (such as a connection to an external MongoDB instance) you may have multiple other attributes above the gateway object.
  5. Restart the Qlik Alerting Gateway service to pick up the new settings.

Force HTTP only with no redirect to HTTPS

Warning noteThis is an unsecured approach and not recommended for production environments.

Do the following:

  1. Access the Qlik Alerting server via remote desktop.
  2. Navigate to the C:\Program Files\Qlik Alerting\config folder.
  3. Update the default.json file to include the required "allowInsecure" object with the "http": true setting before the gateway object.
  4. Update the https key in the gateway object to false. 
    {
	"allowInsecure": {												
	    "http": true
	},						
	"gateway": {
        "ip": "localhost",
        "httpPort": 4551,
        "httpsPort": 4552,
        "https": false
    },
    ...
  5. If you have added other custom configuration changes (such as a connection to an external MongoDB instance) you may have multiple other attributes above the gateway object.
  6. Restart theQlik Alerting Gateway service to pick up the new settings.

Changing the ports for Qlik Alerting web access

If you wish to change the default ports from 4551 for HTTP and 4552 for HTTPS you must make this change in two places. For example, if you are running Qlik Alerting on a stand alone server with no other programs reserving these ports, you may wish to use ports 80 (HTTP) and 443 (HTTPS), which makes it easy for a user as they do not have to enter these default ports in the URL each time.

Do the following:

  1. Update the settings in the web UI.
    1. In the Qlik Alerting web portal, navigate to Admin > Config.
    2. Update the HTTP and HTTPS ports to those you would like to change to, for example 80 (HTTP) and 443 (HTTPS).
    3. Click Save.
  2. Update the config file for the services.
    1. On the server, navigate to C:\Program Files\Qlik Alerting\config.
    2. Open the default.json file.
    3. On line 4, edit "httpPort": 4551; changing the 4551 value to your HTTP port entered in the Qlik Alerting settings step, for example port 80.
    4. On line 5, edit "httpsPort": 4552; changing the 4552 value to your HTTPS port entered in the Qlik Alerting settings step, for example port 443. 
      {
	"gateway": {
        "ip": "localhost",
        "httpPort": 80,
        "httpsPort": 443,
        "https": true
    },
    ...
    5. Restart the Qlik Alerting Gateway service.
  3. You should now be able to access Qlik Alerting through these new ports.
  4. If you have used the Qlik Sense extension in any app, you will need to reset the port setting in each of these instances.

Backup and restore the MongoDB database

You will want to periodically backup the MongoDB database as this serves as the core of Qlik Alerting. It is recommended that you backup the database before each install.

Steps to backup

  1. RDP onto the server as an administrator user.
  2. Open a command window as an administrator.

  3. Enter the following to change directory:

    cd "C:\Program Files\MongoDB\Server\4.2\bin"
    Information noteIf you are using a newer version of MongoDB, or it is located in a different location such as a D:\ drive, then please adjust this appropriately.

  4. Enter the following command, where Backup Name is the identifier for your backup:

    mongodump --db=qlikalerting --out="Backup Name"
  5. This will create a new folder in the C:\Program Files\MongoDB\Server\4.2\bin folder called "Backup Name" and will export all of the data from the database into JSON format files.
  6. Zip this new folder and store where you require.

Steps to restore

  1. RDP onto the server as an administrator user.
  2. Open a command window as an administrator.

  3. Enter the following to change directory:

    cd "C:\Program Files\MongoDB\Server\4.2\bin"
    Information noteIf you are using a newer version of MongoDB, or it is located in a different location such as a D:\ drive, then please adjust this appropriately.
  4. Move the backup to a location that is easy to identify and unzip the file so the folder is located here, for example D:\backups\Backup Name.

  5. Enter the following command, where Backup Name is the identifier for your backup:

    mongorestore "D:\backups\Backup Name"
  6. You will now have restored the qlikalerting database in MongoDB.

Password encryption and strength

The Qlik Alerting platform uses Crypto-js for password hashing. The application uses the SHA-512 algorithm.

User passwords do not expire. The current password security requirements are as follows:

  • At least one uppercase character

  • At least one lowercase character

  • At least one integer

  • Password must contain a minimum of eight characters

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here