Configuring Security Assertion Markup Language (SAML) single sign-on (SSO)
With SAML configured, you can enable a single sign-on (SSO) solution that minimizes the number of times a user must log on to cloud applications and websites.
Requirements
- Configure Qlik NPrinting.
- Configure the identity provider (IdP) by uploading the Qlik NPrinting metadata, or manually extracting the required information.
- Upload the identity provider (IdP) metadata to Qlik NPrinting.
- Access Qlik NPrinting from the buttons on the login page, or the identity provider (IdP) console.
-
Any static strings in the user directory need to be inside square brackets [ ]. For example: [DOMAIN]
You must enable Windows authentication to use the Qlik NPrinting On-Demand Add-on on QlikView Web server and Qlik Sense.
If you only want to use JWT authentication, then you must install the Qlik NPrinting On-Demand Add-on on a QlikView Server configured on a Microsoft IIS Web Server.
Installing On-Demand Add-on on a Microsoft IIS hosted QlikView AccessPoint
Configuring Qlik NPrinting
Do the following:
- Log in to Qlik NPrinting as an administrator.
- Go to Admin > Settings and click on the SAML tab.
- Click the Add configuration button.
- Enter a Name for your SAML configuration.
- Select either WebConsole or NewsStand from the Portal drop-down.
- Enter the URL of your Qlik NPrinting web console or NewsStand in the Service Provider URL field. For example, https://myserver.mydomain:4993. Information noteThis must be a fully qualified domain name.
- Enter an Entity ID, for example OktaWebConsole. Information noteThis is used to configure your identity provider.
- Select the radio button for your preferred authentication method, either Authenticate user by Domain\Name or Authenticate user by email and enter the name for the attribute that is used to exchange communication between the identity provider (IdP) and Qlik NPrinting.
- Click Save.
- Click on the name of the configuration you created.
- Click on Download SP Metadata.
You have now created a SAML configuration and downloaded an IdPmetadata.xml file that you can use when configuring the IdP.
Configuring the identity provider (IdP)
Identity provider configuration is specific to the IdP that you choose. There is some information contained in the Qlik NPrinting metadata that you will need to complete your configuration regardless of your choice of IdP. Some identity providers allow you to upload the file, and automatically setup some of the configuration information, while others don’t. If your identity provider does not allow this, you can read the required information from the Qlik NPrinting metadata file and manually configure the IdP. If your IdP does not support metadata upload, you will required the following information from the Qlik NPrinting metadata:
- IdP Entity ID, as a property under the EntityDescriptor tag
- The Assertion Consumer Service URL, as the Location property of the AssertionConsumerService tag
- The Assertion Consumer Service Index as the index property of the AssertionConsumerService tag
Uploading the identity provider IdP metadata
As soon as the identity provider IdP configuration is complete, you can upload the IdP metadata to your Qlik NPrinting SAML configuration. Not all IdPs allow you to download a metadata file. If your IdP does not allow downloads, you must create a new file and with content provided by your identity provider.
Once you have the IdP metadata.xml file (the file name can be anything you choose, but the file extension must be .xml), you can upload it in the Qlik NPrinting SAML configuration page. This is required to complete the SAML configuration.
Do the following:
- Log in to Qlik NPrinting as an administrator.
- Go to Admin > Settings and click on the SAML tab.
- Select the configuration that you created in the first procedure.
- Click the Browse button to upload the IdP XML metadata file.
- Navigate to the location where your metadata.xml file is stored and select it.
- Click Save.
Accessing Qlik NPrinting via SSO
You can access Qlik NPrinting via SSO by going to the login page clicking on the identity provider IdP button. You can also access Qlik NPrinting directly from the identity provider by clicking on the Qlik NPrinting app, if your identity provider supports this feature.