Connections that support JWT authentication

You can create data server connections using JSON Web Token (JWT) authentication for the following products.

To use this functionality with a data server connection, you must configure Cognos Analytics to use an OpenID Connect authentication provider. To provide the token, the connection settings must specify the OpenID Connect namespace that was configured. The identity provider namespace must be capable of returning claims in the JWT that the vendor requires.

Following is a list of data server types for which Cognos Analytics supports JWT authentication:

  • Amazon Redshift

    Use the Amazon JDBC driver. The URL must include the pluging name-value pair plugin_name=com.amazon.redshift.plugin.BasicJwtCredentialsProvider. Amazon Redshift JDBC driver version 2.1.0.4 or higher is required.

    Note: When you use Azure Active Directory and Amazon Redshift, you must include additional scope details by specifying the following name-value pair: ibmcognos.oidc.scope=https://database.windows.net/.default. For more information, see ibmcognos.oidc.scope.
  • Azure SQL and Synapse

    Use the Microsoft SQL Server JDBC driver. The connection automatically passes the token via the SQL Server driver accessToken property.

    Note: When you use Azure Active Directory and Azure SQL or Azure Synapse, you must include additional scope details by specifying the following name-value pair: ibmcognos.oidc.scope=https://database.windows.net/.default. For more information, see ibmcognos.oidc.scope.
  • Db2 and BigSQL

    For more information, see Support for JWT authentication with Db2 and BigSQL data server connections.

  • Denodo

    Use the Denodo JDBC driver. A connection must include the Denodo name-value pair useOAuth2=true.

  • Exasol

    Use the Exasol JDBC driver. A connection must include the Exasol name-value pair authmethod=accesstoken. Exasol JDBC driver version 7.1.2 or higher is required.

  • Google Bigquery

    Use the Bigquery JDBC driver. A connection must include the Bigquery name value pair OAuthType=2.

  • Progress DataDirect Autonomous REST

    Use the Autonomous REST JDBC driver. A connection must include the Autnomous REST name-value pair AuthenticationMethod=OAuth2.

  • SAP Hana

    Use the SAP Hana JDBC driver.

  • Snowflake

    For more information, see Snowflake connections.

  • Teradata

    Use the Teradata JDBC driver. The URL must include the Teradata LOGMECH=JWT name-value pair. Teradata JDBC driver version 17.10.00.14 or higher is required.

  • Trino

    Use the Trino JDBC driver. A connection must include the Trino name-value pair SSL=true.

  • Dremio

    Use the Dremio JDBC driver. A connection must include the Dremio name-value pair SSL=true;token_typ=jwt;.