Configuring multitenancy that is based on a hierarchy node

You can reuse the node structure information within a hierarchy of your authentication provider when configuring your tenant.

You need to map the hierarchy information to the Tenant ID Mapping > Pattern property in IBM® Cognos® Configuration.

Before you begin

You can use the ancestors user account attribute for this purpose. The ancestors attribute represents the hierarchical path to a user account in the form of an array. The following table shows how you might map the ancestors attribute to a hierarchy to identify the tenancy information:

Table 1. Ancestors attribute mapped to the hierarchy information
Ancestors information Hierarchy LDAP example
ancestors[0] Directory node  
ancestors[1] Namespace ID base DN
ancestors[2] Tenant grouping, such as a folder organizational units

For example, if users are stored in an LDAP directory and tenants are directly under the base Distinguished Name (DN) as organizational units, you can set the Pattern type to the following value: ~/ancestors[2]/defaultName.

In addition to defaultName, the following ancestors qualifiers can return tenancy information:

  • name/locale

    The locale parameter in this example is based on the mapping in the namespace configuration. If no locale is given, the name is the title of the object. For example, you might specify: ~/ancestors[2]/name/EN-ca

  • searchPath/objectID

    For example, you might specify: ~/ancestors[2]/searchPath/objectId

Procedure

  1. Open IBM Cognos Configuration.
  2. Choose whether to configure multitenancy settings globally for all namespaces, or for a specific namespace.
    • To configure multitenancy for all namespaces, in the Explorer window, for the Security category, click Authentication.
    • To configure multitenancy for one namespace, in the Explorer window, for the Security category, click Authentication. Then, click the namespace that you want to configure.
  3. In the Multitenancy group of properties, click the edit button for the Tenant ID Mapping property.
  4. In the Tenant ID Mapping window that is displayed, specify your mapping in the following way:
    1. For Type, select Pattern.
    2. For Value, type the string that you created based on the instructions earlier in this topic. For example, you could specify the following value: ~/ancestors[2]/defaultName.
    3. Click OK.
  5. For an Active Directory namespace only, click in the Value column for Custom properties and click the edit button. Add the MultiDomainTree property and set its value to true.
  6. Test your multitenancy configuration.
    1. Right-click either Authentication or the namespace (depending on your choice in step 2), and click Test.
    2. Log on using the credentials of the system administrator, and click OK.
    3. Click the Details button, and read the information that is displayed.

    If multitenancy is properly configured, your tenant ID is displayed in the details. If the tenant ID is not displayed, update and correct the values and test again.

  7. If the testing was successful, from the File menu, click Save.
  8. Restart the IBM Cognos service for the changes to take effect.