This article explains what is supported and what is not when using Azure Active Directory.
Environments:
- Qlik Sense Enterprise all versions
- Qlik Sense Enterprise on Cloud Services
Authentication with Azure AD as an IdP for Qlik Sense Enterprise on Cloud Services
How to: Configure Qlik Sense Enterprise SaaS to use Azure AD as an IdP
Authentication with Azure
In any Qlik Sense Enterprise for Windows version 2.0 and higher, Azure Active Directory is tested and confirmed as supported as a SAML Identity Provider with Qlik Sense.
For the implementation of SAML authentication with Azure, please see the instructions at the following link: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-qliksense-enterprise-tutorial
User Directory Connector with Azure AD
Unlike a regular Active Directory, Azure AD does not support the LDAP protocol and therefore cannot be used as a User Directory Connector source in Qlik Sense at the moment.
A User Directory Connector is solely used to synchronize groups and user attributes from the directory so that you can build your security rules based on those; it does not impact authentication.
For groups, as a workaround, you can simply use group attributes sent in the SAML request by Azure and build your security rules based on those.
You just need to be aware that those attributes will not show up in the user information in the QMC as they are session-based.
The group attribute received from a SAML provider is stored in the user.environment.group variable instead of the user.group variable.
If you are uncertain of what group attributes were received, you can enable Debug log on the Qlik Proxy service to check those. See instructions in: How to see SAML attributes received by Qlik Sense (user.environment)
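As an added example (not part of the original article and not Qlik's code), the following Python lists the group values carried in a SAML assertion, builds a rule condition on user.environment.group from them, and reports groups a rule references that were not received. The sample assertion, its GUIDs, the Azure groups claim name, the condition syntax and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Azure AD's default group-membership claim name.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample assertion; the user and GUIDs are made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
   <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
   <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000001</saml:AttributeValue>
   <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000002</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>
"""

def received_groups(assertion_xml, claim=GROUPS_CLAIM):
    """Return the group values carried in the assertion (inspection only:
    no signature check, so use it on assertions you captured yourself)."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return [v for v in values if v]

def rule_condition(groups, prop="user.environment.group"):
    """Build a rule condition on the session-based property."""
    for g in groups:
        if '"' in g:
            raise ValueError("quote in group value: %r" % g)
    return "((" + " or ".join('%s="%s"' % (prop, g) for g in groups) + "))"

def not_received(rule_groups, assertion_xml):
    """Groups a rule references that the IdP did not send in this assertion."""
    got = set(received_groups(assertion_xml))
    return [g for g in rule_groups if g not in got]

if __name__ == "__main__":
    groups = received_groups(SAMPLE_ASSERTION)
    print(rule_condition(groups))
    print(not_received(["Finance"], SAMPLE_ASSERTION))  # constructed group name
```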
User Directory Connector with Azure AD DS
Azure AD DS and Azure AD are 2 different offers and have different features. Please see the below link about the differences:
As said above, Azure AD does not support LDAP, but Azure AD DS does.
Below are a few helpful links when setting up Azure AD DS in Qlik Sense:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap
Qlik Sense: Does User Directory Connector supports LDAPS?
Once the User Directory Connector is set up correctly in Qlik Sense, use the user.group variable in your security rules to assign the access rights.