Customized Authentication in Qlik Sense

If coming from QlikView, it is known that implementing custom authentication such as SAML, JWT, etc. requires specialized knowledge and the examples provided (as described in Customized Authentication in QlikView 11) are only provided as-is with no warranty. 
Qlik Sense, however, largely improves on the ability to implement customized authentication as it is now configurable from within the Qlik Management Console (QMC) via Virtual Proxy configurations.
 

Environment:

• Qlik Sense Enterprise for Windows, all versions

Supported customized authentication methods now include, as of June 2020:

• Windows / NTLM - This is the authentication method used by default, a browser popup will appear so that the user inputs his Windows credentials or the user will be logged in automatically if the browser is set up to automatically pass Windows credentials (See Integrated Windows Authentication (IWA) with Qlik using Internet Explorer, Chrome and Firefox)

• Ticket - This consists in requesting a ticket to the Qlik Proxy API and consuming it by appending it to the Qlik Sense URL. This is generally the preferred method when integrating Qlik Sense in an iFrame as this does not require to set up headers or cookie, which may be blocked by browser cross-site scripting prevention policy.

• Session - This consists of creating a session id with the Qlik Proxy API and then set the cookie with that same session id on the user side.

• Header - This consists of sending the username you want to authenticate as in an HTTP header. This is considered as unsafe if there is no reverse proxy or proxy between the clients and server that will filter who is able to send a header to get authenticated, so this is a point that should be considered when using Header authentication.

• SAML - The authentication is accomplished by exchange of claims between the Identity Provider (IdP) and the Service Provider (Qlik Sense)

• JWT - The authentication is accomplished with a JSON formatted token signed with the private key of a specific certificate. Qlik Sense will check if the signature is correct based on the certificate provided in the virtual proxy configuration.

• Anonymous Users - The user does not need to authenticate. Anonymous users may be allowed or not based on the type of license you are using, please check Which Qlik Sense Enterprise licenses support anonymous access?

Our Knowledge base has many articles available describing configuration of different authentication methods and related troubleshooting, for example:

• Kerberos authentication with Qlik Sense
• Is oAuth or OpenID Connect Authentication Supported in Qlik Sense?
• Postman: A simple ticket request (Qlik Sense Proxy API)
• And more...

More resources are available at http://help.qlik.com, as well as Qlik Community. Please keep in mind, however, that "how to" questions are generally outside the scope of technical support; if you need step-by-step help with setting up customized authentication please reach out to your Account Owner to inquire about Education Services or Consulting Services (see When and How to Contact the Consulting Team?).