How the Windows Authentication Pattern in Virtual Proxy enables form-based authentication

Click here for Video Transcript

The Qlik Sense Virtual Proxy has two different authentication options by default: Forms and Windows Authentication. The Windows Authentication Pattern setting determines which one is used. 

The setting is accessed through the Qlik Sense Management Console > Virtual Proxies > [Virtual Proxy] > Authentication

See Figure 1:

When a client connects to Qlik Sense, the browser sends a User-Agent string to as part of the standard connection process.

The Qlik Sense Proxy service reads this string and checks for the presence of the value found in Windows Authentication Pattern. If the string is present windows authentication is used and if the browser supports NTLM the user may be automatically logged in. If the automatic login fails they will get a pop-up asking for username and password.

If the Windows Authentication Pattern value is not found then we fall back to forms authentication where instead we use a form and always require a username and password for login.

The default value for Windows Authentication Pattern is "Windows", which is present in all windows browser user-agent strings. If you change it to say Chrome or Firefox instead only those browsers will be offered Windows authentication. If you want to use Windows Authentication on all browsers try setting it to another string found in all user-agents (besides Windows), for example, "Mozilla".

Related Content:

• Integrated Windows Authentication (IWA) with Qlik using Internet Explorer, Chrome and Firefox 
• Logging out of Qlik Sense: Using Forms authentication to log in and out of the Sense Hub 
• Qlik Sense Enterprise on Windows Default Authentication Module 
• Qlik Sense and Authentication