# JWT Authentication Configuration for Qlik Sense This article outlines the steps to configure a virtual proxy for JSON Web Token (JWT) authentication in Qlik Sense Enterprise on Windows. JWT authentication enables secure user authentication by validating signed tokens issued by a trusted identity provider. The configuration is performed in the Qlik Management Console (QMC) by creating a dedicated virtual proxy and defining the required JWT authentication parameters. ### Prerequisites Before configuring JWT authentication, ensure the following prerequisites are met.
ComponentRequirement
Qlik PlatformQlik Sense Enterprise on Windows
Administrative AccessAccess to Qlik Management Console (QMC)
JWT ProviderConfigured identity provider capable of issuing JWT tokens
Certificate UtilityOpenSSL (if generating a new key pair)
**Access Requirements** * Administrative privileges to create and manage virtual proxies in QMC. * Access to the Qlik Proxy Service (QPS) server. * Access to the JWT public certificate or PEM file used for token validation. ### JWT Authentication Configuration #### Step 1: Access the Qlik Management Console 1. Open a web browser. 2. Navigate to the Qlik Management Console (QMC) using the following URL: https\://\/qmc 3. Log in using administrator credentials. #### Step 2: Open Virtual Proxy Configuration 1. In the left navigation pane, under **Configure System**, select **Virtual Proxies**. 2. On the Virtual Proxies page, click **Create New**. #### Step 3: Configure Virtual Proxy Identification Settings In the Edit Virtual Proxy screen, configure the following identification settings.
FieldDescription
DescriptionEnter a meaningful description for the virtual proxy.
PrefixSpecify the proxy URI path. Use only lowercase letters.
Session Cookie Header NameEnter the HTTP header name used for the session cookie.
{% hint style="warning" %} The virtual proxy prefix becomes part of the Qlik Sense access URL. Ensure that the prefix is unique within the deployment. {% endhint %} #### Step 4: Configure JWT Authentication Settings Under the Authentication section, configure the following parameters.
FieldDescription
Authentication MethodSelect JWT.
JWT CertificateAdd the public certificate used to validate JWT tokens.
JWT Attribute for User IDSpecify the JWT attribute that identifies the user ID.
JWT Attribute for User DirectorySpecify the JWT attribute that identifies the user directory.
### JWT Certificate Configuration The JWT certificate can be configured using one of the following methods. #### Option 1: Generate a Key Pair Using OpenSSL 1. Generate a key pair using OpenSSL. 2. Open the public.key file in a text editor. 3. Copy the key content. 4. Paste the copied content into the **JWT Certificate** field in QMC. #### Option 2: Use the Existing Qlik Sense Certificate 1. Navigate to the following directory on the Qlik Sense server: C:\ProgramData\Qlik\Sense\Repository\Exported Certificates\\.Local Certificates 2. Open the server.pem file in a text editor. 3. Copy the certificate content. 4. Paste the copied content into the JWT Certificate field in QMC. {% hint style="info" %} Ensure that the certificate format and content remain unchanged while copying the key or certificate data into QMC. {% endhint %} ### Advanced Configuration (Optional) Under the Advanced section, configure the following settings if required. | Field | Description | | --------------- | ----------------------------------------------------------------------------- | | Host Allow List | Add the host IP addresses of the Qlik Sense Enterprise on Windows deployment. | {% hint style="warning" %} Configure only trusted host IP addresses in the allow list to restrict unauthorized access. {% endhint %} ### Save the Configuration 1. Review all configured settings. 2. Click **Apply** to save the virtual proxy configuration. After the configuration is saved, the virtual proxy becomes available for JWT-based authentication requests. ### Troubleshooting | Issue | Possible Cause | Resolution | | ------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------ | | Authentication fails | Invalid or mismatched JWT certificate | Verify that the correct public certificate or PEM content is configured. | | User authentication is unsuccessful | Incorrect JWT attribute mapping | Confirm that the configured JWT attributes match the token payload. | | The virtual proxy URL is inaccessible | Incorrect proxy prefix configuration | Verify the virtual proxy prefix and confirm that it is unique. | | Access denied from external hosts | Host not included in the allow list | Add the required host IP address to the Host Allow List configuration. | *** Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ovaledge.com/release8.1/connectors/connector-repositories/reporting-tool/qlik-sense/qlik-sense-on-prem/jwt-authentication-configuration-for-qlik-sense.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.