Q&A - Integrating SAML with Qlik Sense Enterprise Q: Is it possible to tether with an existing SSO, e.g. similar to the 'sign-up using Facebook/ Google/ Linked-In' without additional purchases? A: That kind of setup is solely done on the Identity Provider side and additional settings are usually not required on the Qlik Sense side, so it may be possible or not based on the Identity Provider used. Please check the documentation of your Identity Provider for more details.
Q: If I'm using one IdP Entity ID for a SAML virtual proxy, can I use the same IdP Entity ID for setting up SAML auth. for NPrinting web console and NPrinting NewsStand? A: Yes, but not the same SP Entity ID. Most of IdP won’t let you create 2 relying party trusts with the same SP Entity ID. (The Entity ID setting on the Qlik Sense virtual proxy is the SP Entity in this case).
Q: QlikView allows the domain/user to be separated , can this be done with Qlik Sense with SAML? A: Yes, the domain and the user are 2 separated attributed in the Qlik Sense SAML configuration.
Q: Do you have a comprehensive list with error messages in the trace logs? And the most probable issues related to that? A: We do not have a full list in a single knowledge base article. However each of the known error messages are documented in a separate knowledge base article on support.qlik.com.
Q: Is it possible to use both IDP and SDP for both QlikView and Qlik Sense Apps? A: QlikView does not support SAML. If you are referring to QlikView Apps distributed in the Qlik Sense unified hub, those are just links to the QlikView Document on the QlikView Server, so when opening the link, you will need to authenticate to the QlikView Server again even if you are already authenticated in Qlik Sense. For QlikView apps hosted in Qlik Sense on Kubernetes (November 2019 release), this extra-step of re-authenticating to QlikView will not be necessary anymore.
Q: I have 2 front-end load balanced web proxies. Can I used the same ADFS/SAML trust for both or do I have to create 2 separate trusts A: If the same third-party certificate is applied on all Qlik Sense proxies, and the virtual proxy added for SAML are linked to all Qlik Sense proxies, and that the external URL from the end user is a single URL, then a single trust is sufficient to accomplish this scenario.
Q: Is it possible to mix SSO and SAML? A: SSO (Single Sign-on) is a concept that the user does not have to input his credentials and is not a type of authentication in itself. If you mean mix Windows authentication and SAML authentication, yes that is possible, but it will require two separate virtual proxies created in Qlik Sense.
Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.