Integrated login
Integrated login enables you to use Microsoft Integrated Windows Authentication (IWA) and control access to IBM® TM1® data based on Users and Groups defined in Microsoft Active Directory (AD).
In integrated login mode (security mode 3), TM1
authentication compares the user's domain-qualified Microsoft
Windows login name to the contents of the
UniqueID
element of the }ClientProperties
cube.
If there is a match, the user is authenticated to TM1. If Active Directory groups have been imported into the TM1 Server, Active Directory group memberships are honored.
If no match is found, TM1 displays an error message stating that the client name does not exist. TM1 Server does not prompt for login information.
To populate the UniqueID
elements and import groups from Microsoft Active Directory, you can use the ETLDAP utility,
TurboIntegrator jobs, or manual steps. For more information, see Configure integrated login for the IBM TM1 Server.
Users who want to access TM1 data in a server that is configured for integrated login must authenticate to Microsoft Windows first and then use TM1 clients to access the TM1 Server.
Example
Suppose a user with the user name Robert
, which is defined in the Windows domain emea.company.com
, logs in to his Windows workstation. When Robert uses a TM1
client that uses integrated login, such as TM1 Architect, to
access a TM1
Server configured for
security mode 3, the TM1 client forwards Robert's Windows login information to the TM1
Server using Integrated Windows Authentication. The TM1
Server looks for a match to
Robert@EMEA
in the UniqueID elements of the }ClientProperties
cube. If there
is a match, Robert is authenticated by TM1 successfully.
EMEA.COMPANY.COM) will fail.