If coming from QlikView, it is known that implementing custom authentication such as SAML, JWT, etc. requires specialized knowledge and the examples provided (as described in Customized Authentication in QlikView 11
) are only provided as-is with no warranty.
Qlik Sense, however, largely improves on the ability to implement customized authentication as it is now configurable from within the Qlik Management Console (QMC) via Virtual Proxy
- Qlik Sense Enteprise for Windows, all versions
Supported customized authentication methods now include, as of September 2019
- Ticket - This consists in requesting a ticket to the Qlik Proxy API and consuming it by appending it to the Qlik Sense URL. This is generally the preferred method when integrating Qlik Sense in an iFrame as this does not require to set up headers or cookie, which may be blocked by browser cross-site scripting prevention policy.
- Session - This consists of creating a session id with the Qlik Proxy API and then set the cookie with that same session id on the user side.
- Header - This consists of sending the username you want to authenticate as in an HTTP header. This is considered as unsafe if there is no reverse proxy or proxy between the clients and server that will filter who is able to send a header to get authenticated, so this is a point that should be considered when using Header authentication.
- SAML - The authentication is accomplished by exchange of claims between the Identity Provider (IdP) and the Service Provider (Qlik Sense)
- JWT - The authentication is accomplished with a JSON formatted token signed with the private key of a specific certificate. Qlik Sense will check if the signature is correct based on the certificate provided in the virtual proxy configuration.
Our Knowledge base has many articles available describing configuration of different authentication methods and related troubleshooting, for example:
More resources are available at http://help.qlik.com, as well as Qlik Community. Please keep in mind, however, that "how to" questions are generally outside the scope of technical support; if you need step-by-step help with setting up customized authentication please reach out to your Account Owner to inquire about Education Services or Consulting Services (see When and How to Contact the Consulting Team?).