Create user in Qlik Sense Enterprise on Windows
We recommend that you create a new user Qlik Sense Enterprise on Windows for integration with Atlan.
To create a new user, follow the steps in the Microsoft Windows documentation and then add the new user:
- Log in to your Qlik Sense Enterprise on Windows instance.
- Navigate to the active directory or identity provider of your Qlik Sense Enterprise on Windows version and add the new user.
Allocate user access
Once you've created a new user, you will need to allocate user access for integration with Atlan.
To allocate user access to the new user:
- Log in to Qlik Management Console (QMC):
https://<QPS server name>/qmc
. - To allocate a license to the new user, in the left menu, click License management.
- In the right panel for License management, click Professional access allocations.
- At the bottom of the Professional access allocations screen, click Allocate.
- From the Users dialog, select the new user you created and click Allocate to complete user allocation.
You can also set up roles and groups for robust access management.
Set permissions
Once you've added the new user, you will need to provide the new user with Read
permission to your streams, apps, sheets, charts, and connections.
To set the minimum permissions required to crawl Qlik Sense Enterprise on Windows:
- Log in to Qlik Management Console (QMC):
https://<QPS server name>/qmc
. - In the left menu under Manage Resources, click Security rules.
- At the bottom of the Security rules screen, click Create new.
- In the Edit security dialog, enter the following details:
- For Name, enter a meaningful name for your security rule.
- For Basic, under Actions, click Read to provide
Read
access. - At the bottom of the dialog, click Apply to apply your security rule.
(Optional) Create a virtual proxy
Once you've set permissions for the new user, you can create a virtual proxy for authentication.
Atlan supports the following authentication methods for Qlik Sense Enterprise on Windows:
Windows authentication
Central
without a prefix that supports Windows authentication. If it is still available on your instance, you can skip creating a new one and simply edit it.To create a virtual proxy for Windows authentication:
- Log in to Qlik Management Console (QMC):
https://<QPS server name>/qmc
. - In the left menu under Configure Systems, click Virtual proxies.
- At the bottom of the Virtual proxies screen, click Create new.
- In the Edit virtual proxy screen:
- For Identification, enter the following details:
- For Description, add a description for your virtual proxy.
- For Prefix, add a path name in the proxy’s URI — use only lowercase letters for the prefix.
- For Session cookie header name, add the name of the HTTP header used for the session cookie.
- For Authentication, enter the following details:
- For Authentication method, select Ticket as the authentication method.
- For Windows authentication pattern, select Windows.
- For Identification, enter the following details:
- Click Apply to save your authentication details.
JWT authentication
To create a virtual proxy for JSON Web Token (JWT) authentication:
- Log in to Qlik Management Console (QMC):
https://<QPS server name>/qmc
. - In the left menu under Configure Systems, click Virtual proxies.
- At the bottom of the Virtual proxies screen, click Create new.
- In the Edit virtual proxy screen:
- For Identification, enter the following details:
- For Description, add a description for your virtual proxy.
- For Prefix, add a path name in the proxy’s URI — use only lowercase letters for the prefix.
- For Session cookie header name, add the name of the HTTP header used for the session cookie.
- For Authentication, enter the following details:
- For Authentication method, select JWT.
- For JWT certificate, you can either:
- To generate a key pair using
openssl
, open thepublic.key
file in a text editor of your choice, copy the key, and paste it. - To use the same certificate as your Qlik Sense Enterprise on Windows instance, you can find it in the path
C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates
. Open theserver.pem
file in a text editor of your choice, copy the content, and paste it.
- To generate a key pair using
- For JWT attribute for user ID, add the JWT attribute name for the attribute describing the user ID.
- For JWT attribute for user directory, add JWT attribute name for the attribute describing the user directory.
- (Optional) Under Advanced, for Host allow list, add the host IP addresses of your Qlik Sense Enterprise on Windows deployment.
- For Identification, enter the following details:
- Click Apply to save your authentication details.
(Optional) Generate a JWT
To generate a JSON Web Token (JWT) for crawling Qlik Sense Enterprise on Windows:
- Open the JWT website.
- At the top of the screen, click Debugger.
- For Algorithm, click the dropdown arrow and select RS256.
- For Payload, add the user ID and directory for your virtual proxy.
- For Verify signature, paste the
server_key.pem
(private key) andserver.pem
(public key) pair fromC:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates
in the appropriate fields. - In the left Encoded field, copy the generated token and save it in a temporary location.
🚨 Careful! To confirm that you've used the right key pair, navigate to the bottom of the screen and ensure that you can see the Signature Verified status.