Skip to main content

Setting up identity providers

ON THIS PAGE

Setting up identity providers

An identity provider (IdP) manages identity information for users and provides authentication services. The identity provider enables single sign-on (SSO) so that you can access other websites, without having to log in repeatedly. In contrast to on-premise technologies, such as Active Directory and LDAP, identity providers also offer a consistent and governed experience when accessing cloud services, eliminating the need to create accounts for each new service.

Note: If user accounts are stored in Active Directory, the IdP can still enable integration into cloud software.

In Qlik Sense Enterprise SaaS, Qlik Sense Enterprise on Kubernetes, or in a multi-cloud deployment, an IdP delivers the following:

  • Secure authentication of a user and a common identity (user ID and groups) passed between all deployments.
  • Common user identity to assign a license to (to avoid double use).
  • Common user ID and attributes, such as groups, to use when applying access control to content.
Example: IdPs in a multi-cloud deployment

Qlik Sense Enterprise SaaS and Qlik Sense Enterprise on Kubernetes are integrated with an Identity Provider via OIDC. User IDs, email, groups, and jobs are integrated through Qlik Sense Enterprise on Windows via SAML. An Identity Provider authenticates users against their identity (user ID, Password, groups).

IdP requirements

Both Qlik Sense Enterprise SaaS and Qlik Sense Enterprise on Kubernetes integrate with an IdP using the OpenID Connect (OIDC) standard. This is a standard that allows both interactive login, where a user logs in via a browser, and automated login, using APIs via a software product.

Qlik Sense Enterprise on Windows currently does not support OIDC, but supports SAML, or any method that allows a consistent user identity to the one provided by the IdP.

Note: In summary, an IdP for multi-cloud must support both OIDC and SAML.