Configuring SAML
With a SAML configuration, you can enable a single sign-on (SSO) solution that minimizes the number of times a user has to log on to cloud applications and websites. The SAML configuration involves the following steps:
-
Configuring the virtual proxy.
This step includes upload of the identity provider metadata.
-
Linking the virtual proxy to a proxy.
-
Uploading the service provider metadata to the identity provider.
-
Accessing Qlik Sense by using the virtual proxy prefix.
Configuring the virtual proxy
Do the following:
-
Create a virtual proxy and select SAML as authentication method.
Information noteThe virtual proxy must be linked to a proxy service in order to work. However, SAML authentication cannot be used for a default virtual proxy. If you only have a default virtual proxy you need to create a new virtual proxy for SAML authentication. -
(If you have already uploaded the identity provider metadata file, you can skip to the next step.) For the configuration to be complete, you need to upload the metadata file from the identity provider (SAML IdP metadata). Contact the identity provider if you cannot obtain the metadata from identity provider's website.
Do the following:
-
On the virtual proxy edit page, under Authentication, click the button for selecting the metadata file for SAML IdP metadata.
-
Navigate to the file and click Open.
-
Click View content to preview the file before you upload it.
Invalid file format or content will generate an error when you click Apply.
Information noteIf the link View content is displayed, a metadata file has already been uploaded. If you attempt to upload a file with exactly the same content as the already uploaded file, Apply will be disabled. -
- Stay on the virtual proxy edit page.
Linking the virtual proxy to a proxy
Do the following:
-
To the right on the Virtual proxy edit page, under Associated items, click Proxies.
The Associated proxies page is opened.
-
In the action bar, click Link.
The Select proxy services page is opened.
-
Select the node to link to and click Link.
The linked node is presented in the list Associated proxies. Your session is ended because the proxy has been restarted.
-
Restart the QMC.
Uploading the service provider metadata to the identity provider
Do the following:
- Open the virtual proxy overview page and select the proxy whose metadata that you want to download.
- Click Download metadata.
- Deliver the SP metadata, either through a web interface, or physically to the identity provider.
Accessing Qlik Sense by using the virtual proxy prefix
You can access your new virtual proxy by using the virtual proxy prefix in the URI.
Do the following:
-
Enter the following URI: https://[node]/[prefix]/.
You access Qlik Sense through your new virtual proxy with the SAML configuration that you have designed.