Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Google Workspace (formerly known as G-Suite) as a SAML Identity Provider

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Damien_Villaret
Support
Support

Google Workspace (formerly known as G-Suite) as a SAML Identity Provider

Last Update:

Feb 23, 2021 4:27:00 AM

Updated By:

Sonja_Bauernfeind

Created date:

Aug 20, 2017 3:04:22 AM

 Google Workspace can be used as a SAML identify Provider for Qlik Sense Enterprise on Windows, facilitating a single sign-on solution. In this article, we will cover how to perform a quick setup using Qlik Sense Enterprise on Windows September 2020.

Prepare the SAML App in Google Marketplace.

  1. Log on to your Google Marketplace Admin console
  2. Open Apps 

    Sonja_Bauernfeind_1-1604320950082.png

     



  3.  From the list of available Applications, select SAML Apps

    Sonja_Bauernfeind_2-1604321029209.png
  4.  Click Add App 
  5. Choose Add custom SAML app

    Sonja_Bauernfeind_4-1604321226191.png

  6.  Choose an App name.
    We are using Qlik Sense as the App name.
  7. Click Continue

    Sonja_Bauernfeind_5-1604321340209.png

  8.  Click DOWNLOAD METADATA and CONTINUE.

    Sonja_Bauernfeind_6-1604321493273.png

     

  9. The download provides you with a GoogleIDPMetadata.XML file. Copy this file to your Qlik Sense Enterprise on Windows host machine. 

 

Setting up SAML

To begin setting up SAML, we need to set up a new Virtual Proxy. 

  1. Open the Qlik Sense Management Console
  2. In the menu to the left, locate Virtual Proxies 
  3. In the Virtual Proxies setup, click Create new

    SAML01 - Create Virtual Proxy.png

  4. Select Identification, AuthenticationLoad balancing, and Advanced  in the Properties menu on the right. 

    SAML02 - Virtual Proxy Properties options.png

  5. Populate the Virtual Proxy fields. Our example follows below, including short descriptions. 
    1. We begin with the Identification settings
    2. Description: SAML
      This is the description of the Virtual Proxy.
    3. Prefix: saml
      This value needs to be unique across all your Virtual Proxies. Note the character restrictions as documented in the visual guide. 
    4. Session cookie header name: X-Qlik-saml
      The cookie header name must be unique across all your virtual proxies used by the same proxy service. 
    5. We move on to the Authentication settings.
    6. Anonymous access mode: No anonymous user
    7. Authentication method: SAML
      This is where we choose what module the Virtual Proxy uses
    8. SAML single logout checkbox
      We leave this unticked. Our IdP metadata file does not include a logout URL.
    9. SAML host URI: https://qlikserver2.domain.local/
      This is our Qlik Sense Proxy URL. You will need this URL for the remaining SAML setup in Google Workspace. 
    10. SAML entity ID: GoogleSAML
      This is the entity ID that we choose. You will need this ID for the remaining SAML setup in Google Workspace. 
    11. SAML idP metadata: Upload the GoogleIDPMetadata.xml file.
    12. SAML attribute for userID: email
      Choose what attribute to use for the userID. We choose email. 
    13. SAML attribute for user directory: [DOMAIN]
      The static attribute must be enclosed in brackets. We choose DOMAIN
    14. SAML signing algorithm: SHA-1
      We leave this unchanged.
    15. Move on to the Load Balancing settings and click Add new server node to choose the Engine nodes the Virtual Proxy should be using. 
    16. We move on to the Advanced settings
    17. These depend on your setup. We choose to use Lax SameSite attribute (https)

      SAML03 - Virtual Proxy Advanced options.png

    18. Add any required hosts to the Host white list 
      These are the names or IP addresses your users use to connect to the Virtual Proxy with. Eg: domainname.com or machinename.domain.com.
    19. Click Apply 
    20. You will be alerted that the Proxy Services associated with this Virtual Proxy will restart
    21. Now we will associate a Proxy to the Virtual Proxy. You will notice a new menu available in the right-hand corner: Associated items - Proxies
    22. Click Proxies 
    23. Click Link
    24. Follow the on-screen instructions to link the Proxy

      SAML04 - Virtual Proxy Add Proxy options.png

    25. The Proxy will restart.
    26. Return to the Virtual Proxies overview and select your SAML virtual proxy 
    27. In the menu at the bottom of the screen click Download SP metadata
      This will give you a saml_metadata_sp.xml including the remaining details you need for the setup.

Finalizing the SAML Setup in Google Workspace

  1. Return to your SAML App in Google Workspace. We will be filling out the bare minimum. Depending on your requirements, this may vary. Our examples are shown below.
  2. Based on the information in your saml_metadata_sp.xml and settings, fill out:
    1. ACS URL: https://qlikserver2.domain.local:443/saml/samlauthn/
    2. Entity ID: GoogleSAML
    3. Signed response is not supported in Qlik Sense. 
    4. Name ID format: EMAIL
    5. Name ID: Basic Information > Primary eMail

      Sonja_Bauernfeind_1-1604327043444.png
  3. Click Continue
  4. Click Add mapping and fill out the Attributes 
    Note that these are case sensitive. We used email in Qlik Sense, so we do the same here.

    Sonja_Bauernfeind_0-1604326950976.png

     

  5. Click Finish


This concludes the setup!

To test, access the Qlik Sense hub using the prefix defined in the setup. In our case, the URL is: https://qlikserver2.domain.local/saml

You will be redirected to a Google Account signing page.

3,019 Views
Was this article helpful? Yes No
Contributors
Version history
Last update:
‎2021-02-23 04:27 AM
Updated by:
Digital Support