Identity providers in multi-cloud – introduction

An identity provider (IdP) manages identity information for users and provides authentication services. The identity provider enables single sign-on (SSO), so that you can access other websites without having to log in repeatedly. In contrast to on-premises technologies, such as Active Directory and LDAP, identity providers also offer a consistent and governed experience when accessing cloud services, eliminating the need to create accounts for each new service.

Note: If user accounts are stored in Active Directory, the IdP can still enable integration into cloud software.

IdPs in a multi-cloud deployment

In a multi-cloud deployment, an IdP delivers the following:

  • Secure authentication of a user and a common identity (user ID and groups) passed between all deployments.
  • Common user identity to assign a license to (to avoid double use).
  • Common user ID and attributes, such as groups, to use when applying access control to content.

Requirements of a multi-cloud IdP

Both Qlik Cloud Services and Qlik Sense Enterprise for elastic deployments integrate with an IdP using the OpenID Connect (OIDC) standard. This is a standard that allows both interactive login, where a user logs in via a browser, and automated login, using APIs via a software product.

Qlik Sense Enterprise for Windows currently does not support OIDC, but supports SAML, or any method that yields a user identity consistent with the one provided by the IdP.

Note: In summary, an IdP for multi-cloud must support both OIDC and SAML.

The following is required from the IdP to be able to set up Qlik Sense Enterprise for elastic deployments to use it:

  • discoveryUrl: the OpenID Connect Discovery URL which allows applications, such as Qlik Sense, to use the IdP with minimal configuration.
  • clientId: uniquely identifies the client to the IdP.
  • clientSecret: the secret that the client uses along with the client ID to authenticate with the IdP.
  • realm: the name to associate with the IdP.
  • hostname: the hostname that is used for the deployment of Qlik Sense Enterprise for elastic deployments.

These values are added to the values.yaml file under the identity-providers section when installing Qlik Sense Enterprise for elastic deployments.
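Before these values go into values.yaml, the document served at discoveryUrl can be checked against what OpenID Connect Discovery 1.0 requires of it. The following is an added example, not Qlik code: `check_idp_entry`, the example.com hosts and the credential placeholders are constructed, and the metadata is embedded rather than fetched so the check runs offline.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
IDP_KEYS = ("discoveryUrl", "clientId", "clientSecret", "realm", "hostname")
# Metadata fields OpenID Connect Discovery 1.0 marks REQUIRED (token_endpoint
# is required for every flow except pure implicit).
METADATA_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
                 "response_types_supported", "subject_types_supported",
                 "id_token_signing_alg_values_supported")

def check_idp_entry(entry, metadata):
    """Return a list of problems found; an empty list means all checks passed."""
    problems = [f"missing value: {k}" for k in IDP_KEYS if not entry.get(k)]
    url = entry.get("discoveryUrl") or ""
    if urlsplit(url).scheme != "https":
        problems.append("discoveryUrl is not https")
    if not url.endswith(WELL_KNOWN):
        problems.append("discoveryUrl does not end in " + WELL_KNOWN)
    problems += [f"metadata lacks {k}" for k in METADATA_KEYS if k not in metadata]
    # The issuer must be the prefix the document was fetched from; a mismatch
    # means tokens would be validated against some other party's identity.
    issuer = str(metadata.get("issuer", ""))
    if url.endswith(WELL_KNOWN) and issuer.rstrip("/") != url[:-len(WELL_KNOWN)].rstrip("/"):
        problems.append("issuer does not match discoveryUrl")
    # Endpoints that carry codes, secrets and signing keys must not be cleartext.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = metadata.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    return problems

# Constructed sample values: hypothetical hosts and placeholder credentials.
ENTRY = {"discoveryUrl": "https://idp.example.com" + WELL_KNOWN,
         "clientId": "EXAMPLE_CLIENT_ID", "clientSecret": "EXAMPLE_CLIENT_SECRET",
         "realm": "example", "hostname": "elastic.example.com"}
GOOD_METADATA = {"issuer": "https://idp.example.com",
                 "authorization_endpoint": "https://idp.example.com/authorize",
                 "token_endpoint": "https://idp.example.com/token",
                 "jwks_uri": "https://idp.example.com/keys",
                 "response_types_supported": ["code"],
                 "subject_types_supported": ["public"],
                 "id_token_signing_alg_values_supported": ["RS256"]}
# Same document with a foreign issuer and a cleartext key-set URL.
BAD_METADATA = dict(GOOD_METADATA, issuer="https://other.example.com",
                    jwks_uri="http://idp.example.com/keys")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_METADATA), ("bad", BAD_METADATA)):
        print(name, check_idp_entry(ENTRY, doc))
```

In practice the metadata argument would be the JSON returned by a GET on discoveryUrl.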

Step-by-step examples of this configuration are provided for the following IdP vendors: