Configuring Security Assertion Markup Language (SAML) single sign-on (SSO)

With SAML configured, you can enable a single sign-on (SSO) solution that minimizes the number of times a user must log on to cloud applications and websites. To configure SAML you must:

  • Configure Qlik NPrinting.
  • Configure the identity provider (IdP) by uploading the Qlik NPrinting metadata, or manually extracting the required information.
  • Upload the identity provider (IdP) metadata to Qlik NPrinting.
  • Access Qlik NPrinting from the buttons on the login page, or the identity provider (IdP) console.
Note:

You must enable Windows authentication to use the Qlik NPrinting On-Demand Add-on on QlikView Web server.

If you only want to use SAML authentication, then you must install the Qlik NPrinting On-Demand Add-on on a QlikView Server configured on a Microsoft IIS Web Sever.

Installing Qlik NPrinting On-Demand on a Microsoft IIS hosted QlikView AccessPoint

Configuring Qlik NPrinting

Do the following:

  1. Log in to Qlik NPrinting as an administrator.
  2. Go to Admin > Settings and click on the SAML tab.
  3. Click the Add configuration button.
  4. Enter a Name for your SAML configuration.
  5. Select either WebConsole or NewsStand from the Portal drop-down.
  6. Enter the URL of your Qlik NPrinting web console or NewsStand in the Service Provider URL field. For example, https://myserver.mydomain:4993.
    Note: This must be a fully qualified domain name.
  7. Enter an Entity ID, for example OktaWebConsole.
    Note: This is used to configure your identity provider.
  8. Note: Do not upload the identity provider metadata yet. You can upload the metadata after you complete the identity provider configuration.
  9. Select the radio button for your preferred authentication method, either Authenticate user by Domain\Name or Authenticate user by email and enter the name for the attribute that is used to exchange communication between the identity provider (IdP) and Qlik NPrinting.
  10. Click Save.

Configuring the identity provider (IdP)

Identity provider configuration is specific to the IdP that you choose. There is some information contained in the Qlik NPrinting metadata that you will need to complete your configuration regardless of your choice of IdP. Some identity providers allow you to upload the file, and automatically setup some of the configuration information, while others don’t. If your identity provider does not allow this, you can read the required information from the Qlik NPrinting metadata file and manually configure the IdP. If your IdP does not support metadata upload, you will required the following information from the Qlik NPrinting metadata:

  • IdP Entity ID, as a property under the EntityDescriptor tag
  • The Assertion Consumer Service URL, as the Location property of the AssertionConsumerService tag
  • The Assertion Consumer Service Index as the index property of the AssertionConsumerService tag

Uploading the identity provider IdP metadata

As soon as the identity provider IdP configuration is complete, you can upload the IdP metadata to your Qlik NPrinting  SAML configuration. Not all IdPs allow you to download a metadata file. If your IdP does not allow downloads, you must create a new file and with content provided by your identity provider.

Once you have the IdP metadata.xml file (the file name can be anything you choose, but the file extension must be .xml), you can upload it in the Qlik NPrinting SAML configuration page. This is required to complete the SAML configuration.

Do the following:

  1. Log in to Qlik NPrinting as an administrator.
  2. Go to Admin > Settings and click on the SAML tab.
  3. Select the configuration that you created in the first procedure.
  4. Click the Browse button to upload the IdP XML metadata file.
  5. Navigate to the location where your metadata.xml file is stored and select it.
  6. Click Save.

Accessing Qlik NPrinting via SSO

You can access Qlik NPrinting via SSO by going to the login page clicking on the identity provider IdP button. You can also access Qlik NPrinting directly from the identity provider by clicking on the Qlik NPrinting app, if your identity provider supports this feature.