Skip to main content Skip to complementary content
Qlik Resources
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

Securing and configuring the Qlik Analytics mobile app with Microsoft Intune

The Qlik Analytics mobile app gives field teams secure access to Qlik Cloud analytics on their mobile devices. You can use Microsoft Intune and Microsoft Entra ID to control access, protect company data, and provide the settings users need to connect to your Qlik Cloud tenant.

This topic provides guidance on how to use Intune app protection policies and app configuration policies to manage and secure the Qlik Analytics mobile app on Android and iOS devices.

About the Microsoft Intune integration

  • Qlik has integrated Microsoft’s standard Intune and MSAL SDKs in accordance with Microsoft's developer guidance.

  • Microsoft Entra ID, Microsoft Intune, and related SDKs are Microsoft products.

  • Qlik, including Qlik Support, cannot advise on configuring your Entra or Intune deployment, or on mobile device settings for devices running the Qlik Analytics mobile app.

  • Refer to the Microsoft Intune documentation or contact Microsoft Intune support for guidance on mobile device management (MDM) or mobile application management (MAM).

Information noteThe Microsoft Tunnel for Mobile Application Management SDK is not integrated in the Qlik Analytics mobile app.

Advice for configuring the Qlik Analytics app with Intune and Entra

The following Microsoft configuration settings may be relevant to your solution:

  • Microsoft Entra ID: Conditional Access – Control which users or devices can access the app

  • Intune: App protection policy – Protect app data

  • Intune: App configuration policy – Preconfigure app settings

For testing or troubleshooting, use test users or test devices and review the Entra user sign-in logs in Microsoft Entra ID.

What you need before you start

Before configuring the Qlik Analytics mobile app in Intune, make sure you have the following:

  • Qlik Cloud tenant using Microsoft Entra ID

    Your Qlik Cloud tenant must be configured to use Entra ID (Azure AD) for authentication through OIDC or SAML. For more information, see Identity providers in Qlik Cloud.

  • Microsoft Entra ID integrated with Microsoft Intune

    Your organization must have Entra connected with Intune so you can enforce device and app policies.

  • Users registered in Microsoft Entra ID

    All users who will access the Qlik Analytics mobile app must have accounts in your Entra ID tenant and be included in the user directory configured for Qlik Cloud tenant access.

Installing the Qlik Analytics mobile app

The Qlik Analytics mobile app is available in the iOS App Store and Google Play Store. For more information, see Get started with the Qlik Analytics mobile app.

Information noteDepending on platform and deployment, Microsoft Company Portal and/or Microsoft Authenticator may be required on the device.

Setting up Microsoft Intune for the Qlik Analytics mobile app in Microsoft Entra ID

This section outlines the main steps to register and manage the Qlik Analytics mobile app in Entra ID and Intune. Configure Entra ID and Intune according to your organization's requirements. For detailed instructions on application registration, see the Microsoft Intune documentation.

Registering the Qlik Analytics app in Microsoft Entra ID

Register the Qlik Analytics mobile app in Microsoft Entra ID to use it with Microsoft Intune.

Do the following:

  1. In Entra ID, go to App registrations and select New registration.

  2. Select the link to Enterprise applications, since you are integrating a globally registered application.

  3. Search for the application ID: 53dfc2c0-8711-4bb3-a48f-b384ff663ab9. This is the Qlik global app registration.

  4. If required, the Intune administrator can initiate registration by signing in and visiting:

    https://login.microsoftonline.com/common/adminconsent?client_id=53dfc2c0-8711-4bb3-a48f-b384ff663ab9

  5. Once the Qlik Analytics mobile app is added and appears under Enterprise applications, complete the following:

    • Assign users and groups if you want to limit who can access the app.

    • Under Permissions, grant admin consent for your domain.

Conditional Access policy guidance

The Qlik Analytics mobile app is an extension of your Qlik Cloud tenant. When managing the app with Microsoft Entra ID and Intune, keep the following in mind:

  • App authentication is handled through the IdP-registered Entra app.

  • The Qlik Analytics mobile app uses an external browser on the device to complete the authentication flow.

Conditional Access policy definitions will vary depending on your deployment scenario. Configuring a Conditional Access policy requires understanding of mobile authentication flows and thorough testing to confirm the desired control. For guidance, see the Microsoft documentation: Learn about Conditional Access and Intune.

Microsoft Intune policy logic

Intune provides two policy types to manage the Qlik Analytics mobile app:

  • App protection policies: Control how the app handles and protects organizational data.

  • App configuration policies: Supply Qlik Cloud tenant settings automatically so used don't need to enter them manually.

To support the MAM flow, the login screen includes a toggle. Users should turn it on to enforce policy access. In MDM deployments, this toggle is managed automatically by the Company Portal.

Policies apply at the app level on the mobile device, not at the tenant level. This means that if users switch between Qlik Cloud tenants in the Qlik Analytics mobile app, the same Intune policies continue to apply.

Policy information in the app

The About screen in the Qlik Analytics mobile app settings shows whether a policy is applied to the app.

  • When any policy is deployed (app protection or app configuration), the screen displays Policy AppliedYes.

  • If the policy has a policy name configured, it also appears on a separate row as the Policy Name.

Setting up app protection policies

The Qlik Analytics mobile app supports the following Intune policy features:

  • Requiring users to log in with company credentials (Microsoft Entra ID).

  • Enforcing a PIN to access the app.

  • Restricting copy, paste, and download actions within the app.

  • Blocking or controlling screenshots.

  • Preloading Qlik Cloud tenant settings using app configuration policies.

Important considerations

App protection policies control which apps can share data with each other.

  • If users need to send diagnostic emails from the Qlik Analytics mobile app, the policy must allow data transfer between apps.

  • Any app protection policy must account for communication between the Qlik Analytics mobile app and the device web browser.

  • Key Intune app policy settings to review include:

    • Data protection > Send org data to other apps

    • Data protection > Select apps to exempt (com.qlik.qsm)

    • Functionality > Restrict web content transfer with other apps

The Qlik Analytics mobile app also requires the device web browser to complete sign-in, so your policy must allow browser access for authentication.

Setting up app configuration policies

Use app configuration policies in Intune to provide the Qlik Analytics mobile app with the settings it needs to connect to your Qlik Cloud tenant.

The following examples show how to configure key–value pairs for the mobile app in Intune. Replace placeholders (<policy name>, <tenant name>, <tenant URL>) with your own values.

Managed devices (iOS)

App configurations > Policy name > Properties > Settings:

  • Device enrollment type: Managed devices

  • Platform: iOS

Key/value pairs:

1. Key: mdm

Value:

{
  "policyName": "<policy name>",
  "Accounts": [
    {
      "name": "<tenant name>",
      "url": "<tenant URL>"
    },
    {
      "name": "<tenant name>",
      "url": "<tenant URL>"
    }
  ]
}

Accounts defines one or more Qlik Cloud tenants that the app can connect to.

  • name: Your chosen tenant name shown to users.

  • url: The URL of the Qlik Cloud tenant (for example, mobileintune.us.qlikcloud.com).

2. Key: IntuneMAMOID

Value: {{userid}}

Passes the Intune user ID to the app.

Managed apps (multiple platforms)

App configurations > Policy name > Properties > Settings:

  • Device enrollment type: Managed apps

  • Platform: iOS

Key/value pair:

Key: mdm

Value:

{
  "policyName": "<policy name>",
  "Accounts": [
    {
      "name": "<tenant name>",
      "url": "<tenant URL>"
    },
    {
      "name": "<tenant name>",
      "url": "<tenant URL>"
    }
  ]
}

This JSON performs the same function as in the managed device scenario, defining the available tenant connections for authentication to your Qlik Cloud environment.

In this scenario, only the mdm key is required. No user ID mapping is needed.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here