Configure the IBM Cognos Controller Authentication Method
After you configure the authentication provider, you must configure the Controller Web Services Server computers with IBM Cognos or Windows authentication. The default authentication method is Native authentication.
If users access the IBM® Cognos Controller, IBM Cognos Controller Link for Microsoft Excel or IBM Controller Web applications when not being logged on as domain users, they receive a prompt to enter their domain credentials in order to be authenticated against the domain
With native authentication, logon information is configured in the IBM Cognos® Controller databases and in the IBM Cognos Controller user interface. Native authentication is the authentication method used in previous versions of IBM Cognos Controller. If you use Native authentication, when users log on to IBM Cognos Controller from IBM Cognos Connection or from a URL and have selected a database to log on to, they are prompted to log in. Users are prompted with the same logon window when they log on to IBM Cognos Controller using the IBM Cognos Controller Link for Microsoft Excel. If you want to use Native authentication in your IBM Cognos Controller environment, the reporting components must run under anonymous access. When the reporting components run under anonymous access, no logon is required. In IBM Cognos Connection, anonymous access is enabled by default. Native authentication provides minimal security in your IBM Cognos Controller environment.
IBM Cognos authentication is shared between IBM Cognos Controller and the reporting components. When you use the IBM Cognos authentication method, you can use the IBM Cognos built-in namespace to restrict access to defined users, or you can create an appropriate namespace for the type of authentication provider in your environment. Access is then restricted to users belonging to any group or role defined in the namespace. If you use the IBM Cognos authentication method, when users log on to IBM Cognos Controller from IBM Cognos Connection or from a URL and have selected a database to log on to, they are prompted to log on. Users are prompted with the same logon window when they log on to IBM Cognos Controller using the IBM Cognos Controller Link for Microsoft Excel. IBM Cognos authentication uses shared memory for passport IDs. However, if your company security policy prohibits the use of shared memory, you can disable the use of shared memory for passport IDs. If you disable shared memory for passport IDs, users must log on separately to IBM Cognos Controller and to the IBM Cognos Controller Link for Microsoft Excel.
To avoid using different authentication mechanisms, you should reuse IBM Cognos authentication if you have integrated your Cognos Controller environment with IBM Cognos Analytics or IBM Planning Analytics.
Before you begin
If you are using Native or IBM Cognos authentication, ensure that you have configured the appropriate namespace. If you are using Windows Authentication, ensure that the Cognos Controller server is part of the domain that is to be used for authentication and that the Windows Authentication role service has been installed as part of IIS.
About this task
Perform this procedure on the Cognos Controller server.
- From the Start menu, start IBM Cognos Controller Configuration.
- In the Explorer window, click Web Services Server, Server Authentication.
- In the Select authentication method box,
click the drop-down arrow, and then select the authentication method:
- Click IBM Cognos to enable IBM Cognos authentication.
- Click Windows Authentication to enable Windows Authentication.
- From the File menu, click Save.