cbuursink
Partner - Contributor

Assign roles based on AD group membership & Form based UPN login

I have 2 questions regarding QlikSense:

One of our customers would like to assign roles to users based on their AD group membership.

For example, assign the role "Root Admin" to every user that is a member of group "admin".

I looked through every tab in the QMC but I cannot find an option for this.

Is it possible to configure this?

For the second question,

Is it possible to use UPN login (user@example.com) when using Form based login?

The customer is using UPN based login in all their other systems so they would like to use this for QlikSense as well.

I know non form based authentication in combination with Kerberos authentication does work but the customer wants to use Forms.

1 Solution

Accepted Solutions
Levi_Turner
Employee

Hey Christiaan,

One of our customers would like to assign roles to users based on their AD group membership.

For example, assign the role "Root Admin" to every user that is a member of group "admin".

I looked through every tab in the QMC but I cannot find an option for this.

Is it possible to configure this?

For this you will need a net new security rule. You will not be providing them the role of RootAdmin, since that requires explicit calls to assign the role, but you can provide 99.9% effective RootAdmin access.

For reference, see the Q-QMC-Administrators rule on https://github.com/levi-turner/Qonnections2018-Rules#backend-rules

Is it possible to use UPN login (user@example.com) when using Form based login?

The customer is using UPN based login in all their other systems so they would like to use this for QlikSense as well.

I know non form based authentication in combination with Kerberos authentication does work but the customer wants to use Forms.

I am unaware of a method to do this with Forms authentication. Though if you are operating in a Windows environment, you can use ADFS, which will provide a SAML auth box (forms style) and will accept UPN style usernames. In an ideal world, you'd configure the ADFS side to pass the Common Name as UserID so that users use the same User ID no matter whether they are using Windows or ADFS authentication (see attached doc).

Hope that helps.
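
Added example, not part of the original answer and not the rule from the linked repository: a sketch of a group-based security rule as it would be entered in the QMC, shown once with the group name alone and once scoped to a single user directory. It assumes group membership is synced into Qlik Sense as the `group` user attribute; `EXAMPLE`, `admin` and the rule names are placeholders.

```text
# Constructed example: QMC > Security rules > Create new
# "EXAMPLE" (user directory) and "admin" (AD group) are placeholders.

# Group name only: matches a group called "admin" from ANY user directory
Name:            Example-Admins-By-Group
Resource filter: *
Actions:         all
Conditions:      ((user.group="admin"))
Context:         Both in hub and QMC

# Scoped: same group, but only for users that come from one user directory
Name:            Example-Admins-By-Group-Scoped
Resource filter: *
Actions:         all
Conditions:      ((user.userDirectory="EXAMPLE" and user.group="admin"))
Context:         Both in hub and QMC
```

With a rule like this, whoever can edit the AD group decides who administers the site, so the group needs the same change control as the RootAdmin role itself.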
