How to set up Qlik Sense Enterprise on Windows

🤓 Who can do this? You will need your Qlik Sense Enterprise on Windows administrator to complete these steps — you may not have access yourself.

Create user in Qlik Sense Enterprise on Windows

💪 Did you know? By default, your identity provider for your Qlik Sense Enterprise on Windows version will be Microsoft Windows. So, your Microsoft Windows users will be your Qlik users. To add a new user in this case, you only need to create a new Windows local account.

We recommend that you create a new user Qlik Sense Enterprise on Windows for integration with Atlan.

To create a new user, follow the steps in the Microsoft Windows documentation and then add the new user:

  1. Log in to your Qlik Sense Enterprise on Windows instance.
  2. Navigate to the active directory or identity provider of your Qlik Sense Enterprise on Windows version and add the new user.

Allocate user access

Once you've created a new user, you will need to allocate user access for integration with Atlan.

To allocate user access to the new user:

  1. Log in to Qlik Management Console (QMC): https://<QPS server name>/qmc.
  2. To allocate a license to the new user, in the left menu, click License management.
  3. In the right panel for License management, click Professional access allocations.
  4. At the bottom of the Professional access allocations screen, click Allocate.
  5. From the Users dialog, select the new user you created and click Allocate to complete user allocation.

You can also set up roles and groups for robust access management.

Set permissions

💪 Did you know? Atlan does not make any API requests or queries that will update the objects in your Qlik Sense Enterprise on Windows instance.

Once you've added the new user, you will need to provide the new user with Read permission to your streams, apps, sheets, charts, and connections.

To set the minimum permissions required to crawl Qlik Sense Enterprise on Windows

  1. Log in to Qlik Management Console (QMC): https://<QPS server name>/qmc.
  2. In the left menu under Manage Resources, click Security rules.
  3. At the bottom of the Security rules screen, click Create new
  4. In the Edit security dialog, enter the following details:
    1. For Name, enter a meaningful name for your security rule. 
    2. For Basic, under Actions, click Read to provide Read access.
    3. At the bottom of the dialog, click Apply to apply your security rule. 
🚨 Careful! If JWT authentication is already enabled for your Qlik Sense Enterprise on Windows instance, you can proceed to generating a JWT. If Windows authentication is already enabled for your Qlik Sense Enterprise on Windows instance, you can directly proceed to crawling Qlik Sense Enterprise on Windows.

(Optional) Create a virtual proxy

Once you've set permissions for the new user, you can create a virtual proxy for authentication.

Atlan supports the following authentication methods for Qlik Sense Enterprise on Windows:

Windows authentication

💪 Did you know? When Qlik Sense Enterprise on Windows is installed, it automatically creates a default virtual proxy called Central without a prefix that supports Windows authentication. If it is still available on your instance, you can skip creating a new one and simply edit it.

To create a virtual proxy for Windows authentication:

  1. Log in to Qlik Management Console (QMC): https://<QPS server name>/qmc.
  2. In the left menu under Configure Systems, click Virtual proxies.
  3. At the bottom of the Virtual proxies screen, click Create new.
  4. In the Edit virtual proxy screen:
    1. For Identification, enter the following details:
      1. For Description, add a description for your virtual proxy.
      2. For Prefix, add a path name in the proxy’s URI — use only lowercase letters for the prefix.
      3. For Session cookie header name, add the name of the HTTP header used for the session cookie.
    2. For Authentication, enter the following details:
      1. For Authentication method, select Ticket as the authentication method. 
      2. For Windows authentication pattern, select Windows
  5. Click Apply to save your authentication details.

JWT authentication

To create a virtual proxy for JSON Web Token (JWT) authentication:

  1. Log in to Qlik Management Console (QMC): https://<QPS server name>/qmc.
  2. In the left menu under Configure Systems, click Virtual proxies.
  3. At the bottom of the Virtual proxies screen, click Create new.
  4. In the Edit virtual proxy screen:
    1. For Identification, enter the following details:
      1. For Description, add a description for your virtual proxy.
      2. For Prefix, add a path name in the proxy’s URI — use only lowercase letters for the prefix.
      3. For Session cookie header name, add the name of the HTTP header used for the session cookie.
    2. For Authentication, enter the following details:
      1. For Authentication method, select JWT
      2. For JWT certificate, you can either:
        • To generate a key pair using openssl, open the public.key file in a text editor of your choice, copy the key, and paste it.
        • To use the same certificate as your Qlik Sense Enterprise on Windows instance, you can find it in the path C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates. Open the server.pem file in a text editor of your choice, copy the content, and paste it.
      3. For JWT attribute for user ID, add the JWT attribute name for the attribute describing the user ID. 
      4. For JWT attribute for user directory, add JWT attribute name for the attribute describing the user directory.
    3. (Optional) Under Advanced, for Host allow list, add the host IP addresses of your Qlik Sense Enterprise on Windows deployment.
  5. Click Apply to save your authentication details.

(Optional) Generate a JWT

To generate a JSON Web Token (JWT) for crawling Qlik Sense Enterprise on Windows:

  1. Open the JWT website.
  2. At the top of the screen, click Debugger.
  3. For Algorithm, click the dropdown arrow and select RS256.
  4. For Payload, add the user ID and directory for your virtual proxy.
  5. For Verify signature, paste the server_key.pem (private key) and server.pem (public key) pair from C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates in the appropriate fields.
  6. In the left Encoded field, copy the generated token and save it in a temporary location.
    🚨 Careful! To confirm that you've used the right key pair, navigate to the bottom of the screen and ensure that you can see the Signature Verified status.

Related articles

Was this article helpful?
0 out of 0 found this helpful