Authentication configurations for Qlik Sense Mobile for BlackBerry
Users must identify themselves when connecting to Qlik Sense Enterprise from Qlik Sense Mobile for BlackBerry.
Qlik Sense Mobile for BlackBerry supports a subset of the authentication solutions configurable on the Virtual Proxy:
- Ticket solution: The user must enters their Qlik credentials (domain\user name and password) to access Qlik Sense Enterprise. See: Ticket solution.
- SAML authentication: The user is redirected to a third-party identity provider for being authenticated. See also: SAML.
Windows Integrated Authentication: The user authenticates via a Kerberos protocol. See Windows Integrated Authentication.
For a complete overview on authentication solutions in Qlik Sense, see: Authentication solutions.
The Virtual Proxy can be configured to recognize any string from the HTTP User Agent of Qlik Sense Mobile for BlackBerry in the Windows authentication pattern. In this case, the Windows Integrated Authentication is attempted between the client and the Qlik Sense Hub.
Kerberos authentication solution
To allow Kerberos authentication, the following is required:
- Kerberos authentication must be enabled in the QMC. See: Editing proxies.
- A Kerberos SPN (Service Principal Name) associates the host URL with the Windows identity of the Qlik Sense Proxy Service.
Kerberos Constrained Delegation
If the BlackBerry infrastructure is configured to support Kerberos Constrained Delegation (KCD), users are not prompted to enter their credentials. The authentication procedure is handled using the credentials used for activating Qlik Sense Mobile for BlackBerry. See: Activating Qlik Sense Mobile for BlackBerry.
To implement Kerberos Constrained Delegation, contact BlackBerry.
If Kerberos Constrained Delegation is not enabled within the BlackBerry Dynamics EMM environment, users are required to enter their Windows User Principal Name (UPN) and password.
If Kerberos authentication is disabled in the QMC, or the required Kerberos SPN (Service Principal Name) is missing, users are required to enter their Windows user name and password.