Administration
Syncing users from Qlik Sense
To simplify user setup, Qlik Alerting syncs users from the linked Qlik Sense installation during the initial registration process. Qlik Alerting also periodically scans the Qlik Sense user list, user licenses, and license details to remain in sync. This scan occurs every 30 minutes on completion of the previous check.
The sync process works in batches and may take a few minutes if you have a large number of users.
A Qlik Alerting admin user can also manually activate the sync process.
Do the following:
-
Navigate to Admin > User Management > Users.
Information note You must be logged in as an administrator to view this menu. - Click Sync with Qlik at the top right of the table.
Qlik Alerting licensing
Qlik Alerting has a site-based license that will read the license details from Qlik Sense which should have the Qlik Alerting attributes as part of the license details. If you have purchased Qlik Alerting recently and this is your first install please ensure your Qlik Sense site has been updated with the revised license details as this is a prerequisite for installing.
Access privileges in Qlik Alerting are governed by the user's licensed access to Qlik Sense. The table below outlines how licenses in Qlik Sense translate to Qlik Alerting access.
Qlik license type | Qlik Alerting access and defaults |
---|---|
Professional |
|
Analyzer |
|
Capacity Analyzer | Recipient by email only, no access to web portal nor mobile app. |
No license access | Recipient by email only, no access to web portal nor mobile app. |
Equivalent privileges for alternative Qlik Sense license models
- Token-based license sites will treat anyone with User Access pass or Login Access Pass as an equivalent to a Professional license.
- Core-based license sites will treat all users as an equivalent to a Professional license.
Filter users from Qlik Sense
You can limit the list of users that are synced across from Qlik Sense by adding a query string in the data source configuration. To understand how you are going to query the user list you can look at filters in the Qlik Management Console. Users table area as the filter query will behave in the same way as these column level filters.
Supported fields and related operators
Field name | field identifier for query | Supported operators |
---|---|---|
User directory | userDirectory |
eq, ne, so |
User Id | userId |
eq, ne, so |
Name | name |
eq, ne, so |
Admin roles | roles | eq, |
Tags | tags.name | eq, so |
Custom properties | customProperties.value | eq, so |
Created | createdDate | gt, lt |
Last Modified | modifiedDate | gt, lt |
Supported operators
- eq : equal
- ne : not equal
- so : substring of
- gt : greater than
- lt : less than
Combine queries with
- and
- or
Example queries
The following queries are examples that show how to construct both simple and more complex filter strings:
-
Filter users by a single user directory.
userDirectory eq 'exampleCompanyDomain'
-
Filter users by a tag name.
tags.name eq 'exampleTagName' -
Filter users by user directory and user id (for example where a user id is repeated across multiple domains and you just want to allow a few select users for testing).
userDirectory eq 'exampleCompanyDomain' and (userId eq 'exampleUser1' or userId eq 'exampleUser2') -
Filter users by user directory with additional users from other user directories identified with a tag.
userDirectory eq 'exampleCompanyDomain' or tags.name so 'exampleTagName' -
Filter users using a custom property value that is assigned to each user.
customProperties.value eq 'exampleCustomPropertyName' -
Filter users by a user directory and only those whom have been created since 2020-01-01
userDirectory eq 'exampleCompanyDomain' and createdDate gt '2020-01-01'
Points to consider:
- Values should be entered in single quotes.
- Filter values are case insensitive.
- Be sure to check which operators are relevant for each filter field, using an unsupported approach may provide unexpected results.
Assigning administrator rights to a user
You will need to always have at least one administrator user at any one time. There is no limit on how many administrator users you can assign.
Do the following:
- Navigate to Admin > User Management > Users.
- Use the search object to find the user you wish to make an administrator and highlight that row.
- Click on the ... button and select edit.
- Change the user / administrator radio selection to administrator.
- Click Save.
Assigning user roles
There are two different types of user roles in Qlik Alerting: user and administrator. An administrator will have access to all functionality to be able to manage all aspects of the Qlik Alerting site.
Assigning user privileges
Professional level users can be given additional functionality through the assignment of user privileges. Only professional level users will be shown in the assigner user lists for privileges as other users cannot be assigned additional privileges. Administrator role users are also excluded from this list as they have access to all privileges as part of their user role.
The following user privileges are available:
User privilege | Description |
---|---|
System Alerts | Allows a professional Qlik Sense licensed user access to system alerts functionality to create and receive system alert notifications. |
Distribution Setting | Allows a professional Qlik Sense licensed user access to create broadcast and managed shared alerts which are sent to users with either a standard or a broadcast license. |
Broadcast Notification | Allows a professional Qlik Sense licensed user access to create and manage broadcast notifications. These are manually created notification messages that can be sent to a user group. |
Share Alerts | Allows a professional Qlik Sense licensed user to be able to share alert records they have created with other named professional or analyzer licensed users who are enabled in Qlik Alerting. This functionality makes a copy of the alert record that the recipient will take ownership of when they accept. |
Steps to assign a user privilege
Do the following:
-
Navigate to Admin > User Management > User Privileges. (You will need to be logged in as an administrator to view this menu.)
You will see a table that identifies the user privilege types available with a count to help you see what has been assigned.
-
Click the edit link of the user privilege type to which you wish to assign users.
The next page will show you two lists of users, on the left those who have not been assigned this privilege and on the right those who are already assigned.
- Select those users you wish to move, use the search to find users easily.
- Click the direction arrows to move them from one list to the other.
- Click Update.
Enabling access for a user
A user will automatically be enabled to use Qlik Alerting based on their license allocation rights in Qlik Sense. You can disable their access as identified below. However, any user who wishes to create and/or to receive an alert will require an email address to be stored against their user record in Qlik Alerting. The email can come from one of two sources; the Qlik Sense user sync if the email address is an attribute stored against the user in Qlik Sense (i.e. it comes from the user directory connector) or the email can be entered and saved directly in Qlik Alerting.
To enter a user's email address do the following:
- Navigate to Admin > User Management > Users (you will need to be logged in as an administrator in Qlik Alerting to see this page).
- Search for the user you wish to add an email for.
- Click on the ... menu on the user and select Edit.
- Enter the email address in the Email ID field.
- Click Save.
The user should now be able to receive email notifications, if they have an appropriate license in Qlik Sense, and can request to set their password from the Qlik Alerting login page.
Send a password reset email to a user
An administrator can trigger an email to a user to allow them to set/reset their password from that email link. Do the following:
- Navigate to Admin > User Management > Users (you will need to be logged in as an administrator in Qlik Alerting to see this page).
- Find the user to send a password set/reset email to.
- Click on the ... menu and select Reset password and confirm.
Multiple users can be selected to set/reset their passwords using the Reset password button at the top of the table.
Disabling access for a user
Disable the user in the Admin > User Management > Users area. Click the enabled switch against the user to turn off the users access.
Configuring Qlik Sense compatibility in Qlik Alerting
The webSocketEnabled flag in Qlik Alerting controls compatibility with different versions of Qlik Sense Enterprise on Windows (QSEoW) by managing the security requirements for WebSocket connections. This setting is essential for supporting newer versions, which require enhanced security.
-
False (default): When webSocketEnabled is set to false, Qlik Alerting does not support QSEoW November 2024 or later versions because they require Extended CSRF protection for WebSocket requests.
-
True: When webSocketEnabled is set to true, Qlik Alerting enables Extended CSRF protection, making it compatible with QSEoW November 2024 and later versions.
Enabling compatibility with QSEoW November 2024 and later versions
-
Locate the configuration file. The webSocketEnabled flag is located in the default.json file at:
C:\Program Files\Qlik Alerting\qlik-connector\config\default.json
-
Open the file in a text editor and find the line:
"webSocketEnabled": false
-
Change it to:
"webSocketEnabled": true
-
Save the file and restart Qlik Alerting.
Using trusted SSL certificates with Qlik Alerting
The Qlik Alerting install ships with a default self-signed certificate to secure the connection between the desktop of the user and the hosted application. This is a secure approach that enables HTTPS connections but will result in error messages in browsers, such as “The site’s security certificate is not trusted” (Chrome) or “This Connection is Untrusted” (Firefox).
This also has an effect on the way the Qlik Alerting Extension will work in Qlik Sense as this can cause cross-domain errors which require the user to click on a message that allows the browser to ‘run unsafe scripts’ (not an optimal user experience).
Steps to add a trusted SSL certificate for Qlik Alerting
Do the following:
- Access the Qlik Alerting server via remote desktop.
- Navigate to the C:\Program Files\Qlik Alerting\config\certificates folder.
- Backup the server.pem and server_key.pem certificate files, so you can rollback the change if necessary.Information noteIf you have been using a previous version of Qlik Alerting or Ping Alerting and have client.pem and client_key.pem certificates, you can simply rename them. Replace client with server.Information notePass phrases for SSL certificates are not supported at this time.
- Replace the certificate files with your equivalent server.pem and server_key.pem certificate files.
- Restart the Qlik Alerting Gateway service.
Additional steps to add SSL for Android devices
The Android OS does not always fully recognize the SSL certificate for use by the Qlik Alerting mobile app.
Do the following:
- Access the Qlik Alerting server via remote desktop.
- Navigate to the C:\Program Files\Qlik Alerting\config\certificates folder.
- Add the *CA.crt file for your SSL certificate, you will need to rename the file to be CA.crt so remove any additional naming on the file itself.
- Restart the Qlik Alerting Gateway service.
Managing HSTS settings for an SSL connection
By default Qlik Alerting is set as securely as possible and we have HSTS headers enabled. This means that if you have connected to the site as HTTP or HTTPS you will be forced to connect (by the browser) as HTTPS the next time you connect. This has caused some issues with connections from the extension and mobile app where the environments are not fully secured with 3rd party trusted certificates. The HstsMaxAge setting can be managed to disable this behaviour, follow the steps below.
Do the following:
- Access the Qlik Alerting server via remote desktop.
- Navigate to the C:\Program Files\Qlik Alerting\config folder.
- Update the default.json file to include the following hstsMaxAge object before the gateway object:
{ "hstsMaxAge": 31536000, "gateway": { "ip": "localhost", "httpPort": 4551, "httpsPort": 4552, "https": true }, ...
- If you have added other custom configuration changes (such as a connection to an external MongoDB instance) you may have multiple other attributes above the gateway object.
- Restart theQlik Alerting Gateway service to pick up the new settings.
Additional security configuration options
Additional configuration options are available for organizations who wish to manage security tightly or wish to be specific about which security features to apply:
- Allow or block HTTP access.
- Allow or block TLS 1.2 (default), TLS 1.1, or TLS 1.0.
- Add additional security headers to manage CORS access and other security restrictions.
To access these settings do the following:
- Access the Qlik Alerting server via remote desktop.
- Navigate to the C:\Program Files\Qlik Alerting\config folder.
- Update the default.json file to include the required object and key:value settings before the gateway object:
{ "allowInsecure": { "http": false, "TLSv1": false, "TLSv1_1": false, "TLSv1_2": true }, "customHeaders": {}, "gateway": { "ip": "localhost", "httpPort": 4551, "httpsPort": 4552, "https": true }, ...
- If you have added other custom configuration changes (such as a connection to an external MongoDB instance) you may have multiple other attributes above the gateway object.
- Restart the Qlik Alerting Gateway service to pick up the new settings.
Force HTTP only with no redirect to HTTPS
Do the following:
- Access the Qlik Alerting server via remote desktop.
- Navigate to the C:\Program Files\Qlik Alerting\config folder.
- Update the default.json file to include the required "allowInsecure" object with the "http": true setting before the gateway object.
- Update the https key in the gateway object to false.
{ "allowInsecure": { "http": true }, "gateway": { "ip": "localhost", "httpPort": 4551, "httpsPort": 4552, "https": false }, ...
- If you have added other custom configuration changes (such as a connection to an external MongoDB instance) you may have multiple other attributes above the gateway object.
- Restart theQlik Alerting Gateway service to pick up the new settings.
Changing the ports for Qlik Alerting web access
If you wish to change the default ports from 4551 for HTTP and 4552 for HTTPS you must make this change in two places. For example, if you are running Qlik Alerting on a stand alone server with no other programs reserving these ports, you may wish to use ports 80 (HTTP) and 443 (HTTPS), which makes it easy for a user as they do not have to enter these default ports in the URL each time.
Do the following:
- Update the settings in the web UI.
- In the Qlik Alerting web portal, navigate to Admin > Config.
- Update the HTTP and HTTPS ports to those you would like to change to, for example 80 (HTTP) and 443 (HTTPS).
- Click Save.
- Update the config file for the services.
- On the server, navigate to C:\Program Files\Qlik Alerting\config.
- Open the default.json file.
- On line 4, edit "httpPort": 4551; changing the 4551 value to your HTTP port entered in the Qlik Alerting settings step, for example port 80.
- On line 5, edit "httpsPort": 4552; changing the 4552 value to your HTTPS port entered in the Qlik Alerting settings step, for example port 443.
{ "gateway": { "ip": "localhost", "httpPort": 80, "httpsPort": 443, "https": true }, ...
- Restart the Qlik Alerting Gateway service.
- You should now be able to access Qlik Alerting through these new ports.
- If you have used the Qlik Sense extension in any app, you will need to reset the port setting in each of these instances.
Backup and restore the MongoDB database
You will want to periodically backup the MongoDB database as this serves as the core of Qlik Alerting. It is recommended that you backup the database before each install.
Steps to backup
- RDP onto the server as an administrator user.
- Open a command window as an administrator.
-
Enter the following to change directory:
cd "C:\Program Files\MongoDB\Server\4.2\bin"
Information noteIf you are using a newer version of MongoDB, or it is located in a different location such as a D:\ drive, then please adjust this appropriately. -
Enter the following command, where Backup Name is the identifier for your backup:
mongodump --db=qlikalerting --out="Backup Name"
- This will create a new folder in the C:\Program Files\MongoDB\Server\4.2\bin folder called "Backup Name" and will export all of the data from the database into JSON format files.
- Zip this new folder and store where you require.
Steps to restore
- RDP onto the server as an administrator user.
- Open a command window as an administrator.
-
Enter the following to change directory:
cd "C:\Program Files\MongoDB\Server\4.2\bin"
Information noteIf you are using a newer version of MongoDB, or it is located in a different location such as a D:\ drive, then please adjust this appropriately. - Move the backup to a location that is easy to identify and unzip the file so the folder is located here, for example D:\backups\Backup Name.
-
Enter the following command, where Backup Name is the identifier for your backup:
mongorestore "D:\backups\Backup Name"
- You will now have restored the qlikalerting database in MongoDB.
Password encryption and strength
The Qlik Alerting platform uses Crypto-js for password hashing. The application uses the SHA-512 algorithm.
User passwords do not expire. The current password security requirements are as follows:
-
At least one uppercase character
-
At least one lowercase character
-
At least one integer
-
Password must contain a minimum of eight characters