To use IBM Cognos product documentation, you must enable JavaScript in your browser.

Configuring IBM Cognos 8 Components to Use an Authentication Provider 

IBM Cognos 8 components run with two levels of logon: anonymous and authenticated. By default, anonymous access is enabled.

You can use both types of logon with your installation. If you choose to use only authenticated logon, you can disable anonymous access.

For authenticated logon, you must configure IBM Cognos 8 components with an appropriate namespace for the type of authentication provider in your environment. You can configure multiple namespaces for authentication and then choose at run time which namespace you want to use. For more information, see the Administration and Security Guide.

If you upgraded from ReportNet and IBM Cognos 8 detects a previously configured namespace that is no longer configured, the unconfigured namespace appears in the list of authentication providers in the Administration portal. You can configure the namespace if you still require the user account information. Otherwise, you can delete the namespace. For information about deleting the namespace, see the Administration and Security Guide.

Also, when upgrading from one version to another, you must use the same authentication namespace for both versions. Otherwise, the new version may not contain the same policies, users, roles, and groups.

IBM Cognos 8 components support the following types of servers as authentication sources:

If you use more than one Content Manager computer, you must configure identical authentication providers on each Content Manager computer. This means that the type of authentication provider you select and the way you configure it must be identical on all computers for all platforms. The configuration must contain information that is accessible by all Content Manager computers.

When IBM Cognos 8 is installed on a single Linux computer, or when Content Manager is installed on a Linux computer, IBM Cognos 8 can be configured to use only LDAP V3-compliant directory servers and custom providers as authentication sources.

Some authentication providers require libraries external to the IBM Cognos 8 environment to be available. If these libraries are not available on Linux, the authentication provider cannot be initialized.

If you want to configure one of the following as your authentication source, you must install Content Manager on a non-Linux computer:

If you enable security, you must configure security settings immediately after you complete the installation and configuration process. For more information, see the Administration and Security Guide.

Important: We recommend that you do not disable security after you enable it. If you delete a namespace, the user preferences, My Folders, and My Pages entries are permanently lost. Existing permission settings will refer to users, groups, or roles that no longer exist. While this does not affect how the permissions work, a user administering the permission settings may see "unknown" entries. Because these entries refer to users, groups, and roles which no longer exist, you can safely delete them.

After you configure an authentication provider for IBM Cognos 8 components, you can enable single signon between your authentication provider environment and IBM Cognos 8 components. This means that a user logs on once and can then switch to another application without being asked to log on again.

Users can select namespaces when they log in to the IBM Cognos 8 portal. You can hide Custom Java namespaces and eTrust SiteMinder namespaces from users.

To use an authentication provider and to require users to authenticate

      

Disable anonymous access, if required.

      

Configure IBM Cognos 8 components to use an authentication provider.