SaaS editions of Qlik Sense allow you to customize and enhance your system security with the following:
- Content Security Policy
- Multi-Factor Authentication (MFA)
- API keys
SaaS editions of Qlik Sense use Content Security Policy (CSP) Level 2, which provides an extra layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. In Qlik Sense Enterprise, CSP allows tenant admins to control which resources an extension or a theme is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints.
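To make the origin allowlist model concrete, the following added example (not Qlik code) parses a CSP header and decides whether a resource URL may load under a given directive. The policy string, the tenant origin and all host names are constructed, and the matching is a simplified subset of CSP Level 2 that ignores paths, nonces and hashes.

```javascript
// Added illustration: simplified CSP Level 2 source matching (paths, nonces, hashes ignored).
// Constructed sample policy and hosts; these are not Qlik defaults.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example.com; " +
  "img-src 'self' *.maps.example.net; font-src 'none'";
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Parse "directive src src; directive src" into a Map of directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// Does one source expression match the requested URL?
function sourceMatches(source, url, self) {
  if (source === "'self'") return url.origin === self.origin;
  if (source.startsWith("'")) return false; // 'none', 'unsafe-inline', ... never match a URL
  if (source === '*') return !['data:', 'blob:', 'filesystem:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // A host-source without a scheme inherits the scheme of the protected page.
  if (url.protocol !== (scheme ? scheme + ':' : self.protocol)) return false;
  // "*.example.net" covers subdomains only, not example.net itself.
  if (wildcard ? !url.hostname.endsWith('.' + host) : url.hostname !== host) return false;
  const urlPort = url.port || DEFAULT_PORTS[url.protocol];
  return port === '*' || urlPort === (port || DEFAULT_PORTS[url.protocol]);
}

// Decide whether `resource` may load under a fetch directive (script-src, img-src, ...),
// which falls back to default-src when the directive is absent.
function isAllowed(policy, directive, resource, selfOrigin) {
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive restricts this resource type
  const url = new URL(resource), self = new URL(selfOrigin);
  return sources.some((s) => sourceMatches(s, url, self));
}
```

A directive that is absent from the policy, such as `style-src` in the sample, is governed by `default-src`, so an extension stylesheet hosted on an origin that is only listed under `script-src` is still blocked.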
MFA is available to provide enhanced secure access to My Qlik. MFA provides an added layer of security for accessing Qlik Sense. Service account owners (SAOs) and tenant administrators who are using Qlik Account as their identity provider are not required to configure MFA. All users using Qlik Account still have the option to configure MFA tied to their identity. It is strongly recommended that SAOs and tenant admins configure MFA, given the sensitivity of the information they have access to. MFA can be configured at the time of subscription purchase or at any time afterwards for additional security.
An API key is a unique identifier used to authenticate a user, developer, or calling program to an API. API keys are often used for tracking and controlling how the interface is used, to prevent abuse of the API. By default, API keys are disabled in the Management Console. A tenant admin can revoke API keys and edit the API keys settings.