JWT Authentication Configuration for Qlik Sense

This article outlines the steps to configure a virtual proxy for JSON Web Token (JWT) authentication in Qlik Sense Enterprise on Windows. JWT authentication enables secure user authentication by validating signed tokens issued by a trusted identity provider.

The configuration is performed in the Qlik Management Console (QMC) by creating a dedicated virtual proxy and defining the required JWT authentication parameters.

Prerequisites

Before configuring JWT authentication, ensure the following prerequisites are met.

| Component | Requirement |
| --- | --- |
| Qlik Platform | Qlik Sense Enterprise on Windows |
| Administrative Access | Access to Qlik Management Console (QMC) |
| JWT Provider | Configured identity provider capable of issuing JWT tokens |
| Certificate Utility | OpenSSL (if generating a new key pair) |

Access Requirements

  • Administrative privileges to create and manage virtual proxies in QMC.

  • Access to the Qlik Proxy Service (QPS) server.

  • Access to the JWT public certificate or PEM file used for token validation.

JWT Authentication Configuration

Step 1: Access the Qlik Management Console

  1. Open a web browser.

  2. Navigate to the Qlik Management Console (QMC) using the following URL: https://<QPS_server_name>/qmc

  3. Log in using administrator credentials.

Step 2: Open Virtual Proxy Configuration

  1. In the left navigation pane, under Configure System, select Virtual Proxies.

  2. On the Virtual Proxies page, click Create New.

Step 3: Configure Virtual Proxy Identification Settings

In the Edit Virtual Proxy screen, configure the following identification settings.

| Field | Description |
| --- | --- |
| Description | Enter a meaningful description for the virtual proxy. |
| Prefix | Specify the proxy URI path. Use only lowercase letters. |
| Session Cookie Header Name | Enter the HTTP header name used for the session cookie. |

Step 4: Configure JWT Authentication Settings

Under the Authentication section, configure the following parameters.

| Field | Description |
| --- | --- |
| Authentication Method | Select JWT. |
| JWT Certificate | Add the public certificate used to validate JWT tokens. |
| JWT Attribute for User ID | Specify the JWT attribute that identifies the user ID. |
| JWT Attribute for User Directory | Specify the JWT attribute that identifies the user directory. |

JWT Certificate Configuration

The JWT certificate can be configured using one of the following methods.

Option 1: Generate a Key Pair Using OpenSSL

  1. Generate a key pair using OpenSSL.

  2. Open the public.key file in a text editor.

  3. Copy the key content.

  4. Paste the copied content into the JWT Certificate field in QMC.
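Step 1 of Option 1 does not list the OpenSSL commands, so the script below is an added example (not from the original article or from Qlik): it generates the private.key/public.key pair, signs a test token, and checks both the signature against public.key and the presence of the mapped attributes before the key is pasted into QMC. It assumes the identity provider signs with RS256; the claim names userId and userDirectory and their values are constructed stand-ins for the attribute names entered in Step 4.

```sh
#!/bin/sh
# Added example, not vendor code. Claim names and values below are constructed.
set -eu

b64url_enc() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

b64url_dec() {  # $1 = base64url text; decoded bytes go to stdout
  s=$1
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | tr '_-' '/+' | openssl base64 -d -A
}

# Step 1 of Option 1: private.key stays with the token issuer, public.key goes into QMC.
make_keys() {  # $1 = output directory
  openssl genrsa -out "$1/private.key" 2048 2>/dev/null
  openssl rsa -in "$1/private.key" -pubout -out "$1/public.key" 2>/dev/null
}

mint_jwt() {  # $1 = private key file, $2 = JSON payload; prints an RS256 token
  hdr=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_enc)
  body=$(printf '%s' "$2" | b64url_enc)
  sig=$(printf '%s' "$hdr.$body" | openssl dgst -sha256 -sign "$1" -binary | b64url_enc)
  printf '%s.%s.%s\n' "$hdr" "$body" "$sig"
}

verify_jwt() {  # $1 = public key file, $2 = token; status 0 only if the signature matches
  sigfile=$(mktemp)
  b64url_dec "${2##*.}" > "$sigfile"
  rc=0
  printf '%s' "${2%.*}" | openssl dgst -sha256 -verify "$1" -signature "$sigfile" >/dev/null 2>&1 || rc=1
  rm -f "$sigfile"
  return "$rc"
}

has_claim() {  # $1 = token, $2 = attribute name as entered in QMC (exact-case match)
  p=${1#*.}
  b64url_dec "${p%.*}" | grep -q "\"$2\"[[:space:]]*:"
}

# Demo with constructed values
dir=$(mktemp -d)
make_keys "$dir"
token=$(mint_jwt "$dir/private.key" '{"userId":"jdoe","userDirectory":"EXAMPLE"}')
verify_jwt "$dir/public.key" "$token" && echo "signature matches public.key"
has_claim "$token" userId && has_claim "$token" userDirectory && echo "attribute names present"
rm -rf "$dir"
```

A token that fails verify_jwt against the key pasted into QMC corresponds to the "Invalid or mismatched JWT certificate" row in Troubleshooting; a has_claim failure corresponds to "Incorrect JWT attribute mapping".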

Option 2: Use the Existing Qlik Sense Certificate

  1. Navigate to the following directory on the Qlik Sense server: C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\.Local Certificates

  2. Open the server.pem file in a text editor.

  3. Copy the certificate content.

  4. Paste the copied content into the JWT Certificate field in QMC.

Ensure that the certificate format and content remain unchanged while copying the key or certificate data into QMC.

Advanced Configuration (Optional)

Under the Advanced section, configure the following settings if required.

| Field | Description |
| --- | --- |
| Host Allow List | Add the host IP addresses of the Qlik Sense Enterprise on Windows deployment. |

Save the Configuration

  1. Review all configured settings.

  2. Click Apply to save the virtual proxy configuration.

After the configuration is saved, the virtual proxy becomes available for JWT-based authentication requests.

Troubleshooting

| Issue | Possible Cause | Resolution |
| --- | --- | --- |
| Authentication fails | Invalid or mismatched JWT certificate | Verify that the correct public certificate or PEM content is configured. |
| User authentication is unsuccessful | Incorrect JWT attribute mapping | Confirm that the configured JWT attributes match the token payload. |
| The virtual proxy URL is inaccessible | Incorrect proxy prefix configuration | Verify the virtual proxy prefix and confirm that it is unique. |
| Access denied from external hosts | Host not included in the allow list | Add the required host IP address to the Host Allow List configuration. |


Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA
