You can use Active Directory Server as your
authentication provider.
You also have the option of
making custom user properties from the Active Directory Server available
to IBM® Cognos® components.
Before you begin
For IBM Cognos to work properly with Active Directory
Server, ensure that the Authenticated users group has Read privileges
for the Active Directory folder where users are stored.
If you
are configuring an Active Directory namespace to support single signon
with a Microsoft SQL Server
or Microsoft Analysis Server
data source, ensure the following configuration:
- The IBM Cognos gateway is installed on an IIS web
server that is configured for Integrated Authentication on Microsoft Windows operating system.
- The gateway is assigned to the local intranet website in your
web browser.
- Content Manager is installed on a Windows 2008 or Windows 2012 server.
- Content Manager, Application Tier Components, IIS web server,
and the data source server (Microsoft SQL
Server or Microsoft Analysis
Server) belong to the Active Directory domain.
- The data source connection for Microsoft SQL
Server or Microsoft Analysis
Server is configured for External Namespace and
that namespace must be the Active Directory namespace.
For more information about data sources, see the IBM
Cognos Analytics Administration and Security Guide.
Procedure
- In every location where you installed
Content Manager, open IBM Cognos Configuration.
- In the Explorer window,
under Security, right-click Authentication,
and then click New resource > Namespace.
- In the Name box,
type a name for your authentication namespace.
- In the Type list,
click the appropriate namespace and then click OK.
The new authentication provider resource appears in the Explorer window,
under the Authentication component.
- In the Properties window,
for the Namespace ID property, specify a unique
identifier for the namespace.
- Specify the values for all other required
properties to ensure that IBM Cognos components can locate
and use your existing authentication provider.
- Specify the values for the Host and port property.
To support Active Directory Server failover, you can specify
the domain name instead of a specific domain controller.
For example, use mydomain.com:389 instead of dc1.mydomain.com:389.
- If you want to search for details when authentication fails,
specify the user ID and password for the Binding credentials property.
Use the credentials of an Active Directory Server user who
has search and read privileges for that server.
- From the File menu, click Save.
- Test the connection to a new namespace.
In the Explorer window, under Authentication,
right-click the new authentication resource and click Test.
You are prompted to enter credentials for a user in the namespace
to complete the test.
Depending on how your namespace is configured,
you can enter either a valid user ID and password for a user in the
namespace or the bind user DN and password.
Results
IBM Cognos loads, initializes, and configures
the provider libraries for the namespace.