Google (G-suite) can be used as a SAML identity provider together with Qlik Sense in order to implement a single sign-on solution.
With its default settings, Google is signing the SAML response. Due to current limitations in Qlik Sense, signed response is currently not supported, only signed assertion in an unsigned response is supported.
A feature request has been logged in order for Qlik Sense to support signed response in the future.
Disclaimer: This article is not a step-by-step on how to set up SAML with Google. It explains product limitations and points to be aware of when using Google as an Identity Provider.
You will be able to use Google as an Identity Provider in Qlik Sense but with the following requirements:
- Use HTTPS in Qlik Sense.
- Use an unsigned response in Google.
- Identity Provider initiated login will not work as it requires a signed assertion. Only service provider (Qlik Sense) initiated login will work.
Procedure:1) Google Administration Console: Google IdP Information
- Download the Identity provider metadata file
- Open the metadata file in a text editor and remove the whole <KeyDescriptor> .... </KeyDescriptor> section.2) Qlik Sense: Virtual Proxy settings
- Upload the modified IDP metadata file by clicking "Choose file" for the SAML IdP metadata3) Google Administration Console: Service Providers details
Set the following based on your Qlik Sense virtual proxy configuration:
AssertionConsumerService(ACS) url: https://qliksenseservername.org:443/yourvirtualproxyprefix/samlauthn/
NameID Format: transient
Make sure that "Signed response
" is NOT