With Qlik Sense Enterprise on Cloud Services, currently it is required to bring your own Identity Provider (IDP) and configure it to grant access for users to access the application. Unlike Qlik Sense Enterprise on Kubernetes which uses configuration yaml, when configuring authentication with Cloud Services, configuration is entered in a branded web form from within the initial tenant created for the person listed in the documentation for the contract. If you are unsure of how to perform this step, please contact your account manager*. *NOTE: Qlik Support and Site Reliability Engineering do not have access to configuration options available to the tenant admin. Additionally, we will not be able to easily identify the original admin. Please make sure you have this information before attempting recovery or making changes.
Once you have gone to this web form, you will be required to provide some necessary information from your Identity Provider.
- OpenID configuration (Auth0)/ OpenID Connect metadata URI (Okta): This is the URL to the endpoint that provides configuration information for the OAuth clients to interface with the IdP using the OpenID Connectprotocol.
- Client ID (only for interactive): ID of the configured client at the IdP for interactive user authentication.
- Client secret (only for interactive): Secret for the client configured at the IdP.
- Realm (optional): Name to associate with the IdP. This is the same as the domain name in Windows and it is used for naming consistency in multi-cloud.
Additionally, you should consider what values you are passing from your Identity provider to Qlik Sense. Generally, clients who have a windows environment will likely have different user name schemas.
For example, AD users often have 'domain\user' but different schemas can be passed by Identity Providers. This can cause licenses to be allocated for the same user but for two different accounts.
- Qlik Sense Enterprise on Cloud Services, June Release
- Qlik Sense for Business