Azure Active Directory Application Proxy and Qlik Sense
Azure Active Directory Application Proxy and Qlik Sense have partnered together to ensure you are easily able to use Application Proxy to provide remote access for your Qlik Sense deployment.
The remainder of this scenario assumes you done the following:
- Configured Qlik Sense.
- Installed an Application Proxy connector
Publish your applications in Azure
To publish QlikSense, you will need to publish two applications in Azure.
Follow these steps to publish your app. For a more detailed walkthrough of steps 1-8, see Publish applications using Azure AD Application Proxy.
- Sign in to the Azure portal as a global administrator.
- Select Azure Active Directory > Enterprise applications.
- Select Add at the top of the blade.
- Select On-premises application.
- Fill out the required fields with information about your new app. Use the following guidance for the settings:
- Internal URL: This application should have an internal URL that is the QlikSense URL itself. For example, https://demo.qlikemm.com:4244
- Pre-authentication method: Azure Active Directory (Recommended but not required)
- Select Add at the bottom of the blade. Your application is added, and the quick start menu opens.
- In the quick start menu, select Assign a user for testing, and add at least one user to the application. Make sure this test account has access to the on-premises application.
- Select Assign to save the test user assignment.
- (Optional) On the app management blade, select Single sign-on. Choose Kerberos Constrained Delegation from the drop-down menu, and fill out the required fields based on your Qlik configuration. Select Save.
Follow the same steps as for Application #1, with the following exceptions:
Step #5: The Internal URL should now be the QlikSense URL with the authentication port used by the application. The default is 4244 for HTTPS, and 4248 for HTTP for QlikSense releases prior to April 2018. The default for QlikSense releases after April 2018 is 443 for HTTPS and 80 for HTTP. Ex: https://demo.qlik.com:4244 Step #10: Don’t set up SSO, and leave the Single sign-on disabled
Your application is now ready to test. Access the external URL you used to publish QlikSense in Application #1, and login as a user assigned to both applications.
For more information about publishing Qlik Sense with Application Proxy, refer to following the Qlik Community Articles:
- Azure AD with integrated Windows authentication using a Kerberos Constrained Delegation with Qlik Sense
- Qlik Sense integration with Azure AD Application Proxy
Submit and view feedback for