Configuring authentication providers
You can use both types of logon with your installation. If you choose to use authenticated logon only, you must disable anonymous access. For more information, see Disable anonymous access.
For authenticated logon, you must configure IBM Cognos Analytics components with an appropriate namespace for the type of authentication provider in your environment. You can configure multiple namespaces for authentication and then choose, at run time, which namespace you want to use.
- Classic and dynamic namespaces
-
You can configure two types of namespace in Cognos Analytics: classic namespaces and dynamic namespaces. Dynamic and classic namespaces function the same way. However, it is easier for the administrator to create dynamic namespaces than classic namespaces for these reasons:
- The administrator may not have direct access to the Cognos Analytics server and therefore cannot run Cognos Configuration.
- After creating a dynamic namespace, the administrator doesn't have to restart the Cognos Analytics service, which would interrupt current user sessions.
Tips:- To configure classic namespaces using Cognos Configuration, click the links at the bottom of this topic.
- To configure dynamic namespaces using the Manage component, see Creating a dynamic namespace.
If you upgraded from ReportNet and IBM Cognos detects a previously configured namespace that is no longer configured, the unconfigured namespace appears in the list of authentication providers in the Administration portal. You can configure the namespace if you still require the user account information. Otherwise, you can delete the namespace. Also, when upgrading from one version to another, you must use the same authentication namespace for both versions. Otherwise, the old secured content will not be available because the new version might not contain the same policies, users, roles, and groups.
IBM Cognos components support the following types of servers as authentication sources:
- Active Directory Server
- Custom Authentication Provider
- IBM Cognos Series 7 namespace
- LDAP
- OpenID connect
- SiteMinder
- SAP
If you use more than one Content Manager, you must configure identical authentication providers in each Content Manager location. This means that the type of authentication provider you select and the way you configure it must be identical in all locations for all platforms. The configuration must contain information that is accessible by all Content Managers.
When IBM Cognos is installed in a single Linux-based computer, or when Content Manager is installed on a Linux-based computer, IBM Cognos can be configured to use only LDAP V3-compliant directory servers and custom providers as authentication sources.
Some authentication providers require libraries external to the IBM Cognos environment to be available. If these libraries are not available on Linux®, the authentication provider cannot be initialized.
If you want to configure one of the following as your authentication source, you must install Content Manager on an operating system it supports:
- IBM Cognos Series 7 namespace (Windows, Solaris, AIX)
- Active Directory Server (Windows only)
- SAP BW (All except Power PC, z/OS, z/Linux)
If you enable security, you must configure security settings immediately after you complete the installation and configuration process. For more information, see the Administration and Security Guide.
After you configure an authentication provider for IBM Cognos components, you can enable single signon between your authentication provider environment and IBM Cognos components. This means that a user logs on once and can then switch to another application without being asked to log on again.
Users can select namespaces when they log in to the IBM Cognos Analytics portal. You can hide Custom Java™ namespaces and SiteMinder namespaces from users. For more information, see Hide the Namespace from Users During Login.