Identity providers in multi-cloud – introduction

An identity provider (IdP) manages identity information for users and provides authentication services. The identity provider enables single sign-on (SSO) so that you can access other websites without having to log in repeatedly. In contrast to on-premises technologies, such as Active Directory and LDAP, identity providers also offer a consistent and governed experience when accessing cloud services, eliminating the need to create accounts for each new service.

Note: If user accounts are stored in Active Directory, the IdP can still enable integration into cloud software.

IdPs in a multi-cloud deployment

In a multi-cloud deployment, an IdP delivers the following:

  • Secure authentication of a user and a common identity (user ID and groups) passed between all deployments.
  • Common user identity to assign a license to (to avoid double use).
  • Common user ID and attributes, such as groups, to use when applying access control to content.

Requirements of a multi-cloud IdP

Both Qlik Cloud Services and Qlik Sense Enterprise for elastic deployments integrate with an IdP using the OpenID Connect (OIDC) standard. This is a standard that allows both interactive login, where a user logs in via a browser, and automated login, using APIs via a software product.

Qlik Sense Enterprise for Windows currently does not support OIDC, but supports SAML, or any method that yields a user identity consistent with the one provided by the IdP.

Note: In summary, an IdP for multi-cloud must support both OIDC and SAML.

The following is required from the IdP to be able to set up Qlik Sense Enterprise for elastic deployments to use it:

  • discoveryUrl: the OpenID Connect Discovery URL which allows applications, such as Qlik Sense, to use the IdP with minimal configuration.
  • clientId: uniquely identifies the client from the IdP.
  • clientSecret: the secret that the client uses along with the client ID to authenticate with the IdP.
  • realm: the name to associate with the IdP.
  • hostname: the hostname that is used for the deployment of Qlik Sense Enterprise for elastic deployments.

These values are added to the values.yaml file under the identity-providers section when installing Qlik Sense Enterprise for elastic deployments.
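
A pre-flight check for the five values listed above, added here as an example (it is not Qlik's code): it compares them with the IdP's discovery document before they go into values.yaml. The function name, the sample values and the bare-hostname rule are assumptions; the issuer comparison follows the OpenID Connect Discovery specification.

```python
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_idp_settings(settings, discovery_doc):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for key in ("discoveryUrl", "clientId", "clientSecret", "realm", "hostname"):
        if not str(settings.get(key, "")).strip():
            problems.append(f"{key} is missing or empty")
    url = settings.get("discoveryUrl", "")
    if urlparse(url).scheme != "https":
        problems.append("discoveryUrl must use https")
    # Assumption: hostname is a bare host name, not a URL.
    host = settings.get("hostname", "")
    if "/" in host:
        problems.append("hostname must not contain a scheme or path")
    for field in ENDPOINTS:
        value = discovery_doc.get(field, "")
        if not value:
            problems.append(f"discovery document lacks {field}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{field} is not an https URL")
    # OIDC Discovery: issuer (minus trailing slash) + suffix must equal the URL.
    issuer = discovery_doc.get("issuer", "").rstrip("/")
    if not url.endswith(WELL_KNOWN):
        problems.append(f"discoveryUrl should end with {WELL_KNOWN}")
    elif issuer + WELL_KNOWN != url:
        problems.append("issuer does not match discoveryUrl")
    return problems

# Constructed sample values, not taken from a real IdP or deployment.
SAMPLE_SETTINGS = {
    "discoveryUrl": "https://idp.example.com/.well-known/openid-configuration",
    "clientId": "constructed-client-id",
    "clientSecret": "constructed-client-secret",
    "realm": "ExampleIdP",
    "hostname": "elastic.example.com",
}
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com/",
  "authorization_endpoint": "https://idp.example.com/authorize",
  "token_endpoint": "https://idp.example.com/oauth/token",
  "jwks_uri": "https://idp.example.com/.well-known/jwks.json"
}""")
if __name__ == "__main__":
    print(check_idp_settings(SAMPLE_SETTINGS, SAMPLE_DISCOVERY) or "OK")
```

In practice the discovery document is the JSON returned by the discoveryUrl; a mismatched issuer or a non-HTTPS endpoint is worth resolving before the client secret is deployed.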

Step-by-step examples of this configuration are provided for the following IdP vendors:
