PhenixID

Step by Step – QlikView / Qlik Sense MFA and SSO with PhenixID Authentication Services

Summary

This document guides you through the steps to enable multi-factor authentication (MFA) and single sign-on (SSO) for QlikView / Qlik Sense (https://www.qlik.com/us).

System Requirements

  • PhenixID Authentication Server 2.0 or higher
  • QlikView / Qlik Sense administration rights
  • The users to be federated must be present in QlikView / Qlik Sense (manually added or automatically provisioned)

Instruction

Overview

This document guides you through the steps to enable multi-factor authentication and single sign-on for QlikView / Qlik Sense.

PhenixID Server acting as SAML IdP

  1. Login to Configuration Manager
  2. Scenarios->Federation
  3. Setup PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios presented.
    (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
  4. Open the execution flow for the IdP just added
  5. Make sure the attributes mail and userID (sAMAccountName if AD, uid if other LDAP store) are fetched from the user store (LDAPSearchValve).
  6. Add a new valve to the last execution flow
    1. PropertyCopyValve
      Source = <user_id_attribute_name>
      Destination = urn:oid:0.9.2342.19200300.100.1.1
    2. Place the valve (by drag-and-drop) before the AssertionProvider valve.
  7. Add a new valve to the last execution flow
    1. PropertyCopyValve
      Source = mail
      Destination = urn:oid:0.9.2342.19200300.100.1.3
    2. Place the valve (by drag-and-drop) before the AssertionProvider valve.
  8. Click the AssertionProvider
  9. Make these changes
    1. Additional attributes = urn:oid:0.9.2342.19200300.100.1.1,urn:oid:0.9.2342.19200300.100.1.3
    2. Add Miscellaneous value
      1. signMessage = false
      2. signAssertion = true
      3. nameIdFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    3. Save

  10. Go to Scenarios->Federation-> <newly_added_idp_scenario> -> Identity Provider. Deselect “Require signed requests”. Save.
  11. Click “View SAML Metadata”.
  12. Download the metadata to an XML file.

Configure QlikView / Qlik Sense

It is recommended to consult a QlikView / Qlik Sense professional services resource for this step.

  1. Login to QlikView / Qlik Sense as an admin
  2. Navigate to SAML Settings (consult your Qlik technical contact to find it)
  3. Upload the SAML Identity Provider metadata
  4. Retrieve the SAML SP Metadata (as an XML file)

Add trust to QlikView / Qlik Sense on PhenixID Authentication Services

  1. Login to Configuration Manager
  2. Open Scenarios->Federation->SAML Metadata upload
  3. Click the plus sign
  4. Add QlikView / Qlik Sense SAML SP Metadata by uploading the XML file fetched in the previous step.

Test

  1. Browse to your QlikView / Qlik Sense site
  2. This should result in a redirect to PhenixID Authentication Server
  3. Authenticate
  4. If authentication was successful, a redirect to QlikView / Qlik Sense should occur (with SAML assertion)
  5. The user should now be logged in.
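
To confirm during the test that the assertion matches the AssertionProvider settings above, the SAMLResponse form value captured in the browser can be checked structurally. The script below is an added example, not PhenixID or Qlik code. It assumes the response arrives base64-encoded via HTTP POST and that signMessage = false means no signature directly under the Response element; the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
UID_OID = "urn:oid:0.9.2342.19200300.100.1.1"
MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def check_saml_response(b64_response):
    """Return findings; an empty list means the structure matches the guide's settings.
    Structural check only: it does not verify the signature cryptographically."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    assertion, findings = assertions[0], []
    # signAssertion = true: Signature is a direct child of the Assertion
    if assertion.find("ds:Signature", NS) is None:
        findings.append("assertion is not signed")
    # signMessage = false (assumed meaning): no Signature directly under the Response
    if root.find("ds:Signature", NS) is not None:
        findings.append("response is signed at message level")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != TRANSIENT:
        findings.append("NameID format is not transient")
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
    for oid in (UID_OID, MAIL_OID):
        if not values.get(oid):
            findings.append(f"attribute {oid} missing or empty")
    return findings

def sample_response(signed=True, mail="alice@example.com"):
    """Constructed test input (not a real PhenixID response); the Signature element is empty."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<saml:Assertion>{sig}<saml:Subject>'
        f'<saml:NameID Format="{TRANSIENT}">_constructed-id</saml:NameID></saml:Subject>'
        '<saml:AttributeStatement>'
        f'<saml:Attribute Name="{UID_OID}"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>'
        f'<saml:Attribute Name="{MAIL_OID}"><saml:AttributeValue>{mail}</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    for label, resp in [("as configured", sample_response()),
                        ("unsigned, no mail", sample_response(signed=False, mail=""))]:
        print(label, "->", check_saml_response(resp) or "OK")
```

An empty result for a real login means both PropertyCopyValve attributes reached the assertion and only the assertion carries a signature.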

DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se