Authentication is the procedure of verifying the identity and credentials of users wishing to access Qlik Sense.
Qlik Sense uses an external system to authenticate access by verifying the user identity and credentials. The interaction between Qlik Sense and the external identity provider is handled by authentication modules.
For a module to communicate with Qlik Sense, it has to be trusted. Transport Layer Security (TLS) and certificate authentication are used to authorize external components for communication with Qlik Sense.
In Qlik Sense, the authentication of a user consists of three distinct steps:
- Authentication module: Get the user identity and credentials.
- Authentication module: Request an external system to verify the user identity using the credentials.
- Transfer the user to Qlik Sense using the Ticket API, the Session API, or headers.
The first two steps are always handled by the authentication module. It is up to the authentication module to verify the user with a password or a ticket that only can be used once.
The third step can be performed in the following ways:
- Using the ticket API, which transfers the user and the user's attributes using a one-time ticket.
- Using the session API, whereby an external module can transfer web sessions that identify the user and the user's attributes to Qlik Sense.
- Using headers, with which a trusted system can transfer the user using HTTP headers. This is a common solution for integrating with Single Sign-On (SSO) systems.
- Qlik Sense can be configured to allow anonymous users.
All authentication in Qlik Sense is managed by the Qlik Sense Proxy Service (QPS). The QPS authenticates all users regardless of Qlik Sense client type. This means that the QPS also authenticates users of the Qlik Management Console (QMC).