By John Commons
When looking at authentication options for applications, integration and single sign on – especially for different web-based apps in an organization – there are a few standards to be considered. Initially, there was SAML (Security Assertion Markup Language) which is an open standard for authorization and authentication and primarily used for single sign on (SSO) for enterprise apps. Next was OAuth2, or open standard for authorization, which was used for API Authorization. And finally, OpenID Connect, which is a combination of SAML and OAuth2. It’s an open standard for authentication, whose primary use is SSO for consumer apps.
For Cognos Business Intelligence, in the past, the primary authentication supported were LDAP-based external namespaces (that included Active Directory and the older Cognos Series 7), SiteMinder for SSO, or possibly custom Java Authentication providers, which also typically requires additional development work. As of Cognos Analytics Release 7, the OpenID Connect standard and several of the major identity providers are now fully supported, which gives additional options for organizations to leverage single sign on and integration with other applications.
Integration with Cognos Analytics
Cognos Analytics initially started supporting OpenID Connect with Release 6. With that release of Cognos Analytics, only a single provider was supported: the IBMiD. With the release of version 11.0.7 and going forward, most of the major OpenID Connect providers are fully supported, including: Active Directory Federation Service, Azure AD, Google, IBMiD, Okta, Ping, and SalesForce.
IBM is also continually monitoring requests for additional provider support so there will likely be more with future releases.
OpenID Connect is an open standard identity layer protocol, which is built on the OAuth 2.0 protocol for federated identity and authentication. It is used for integration with other applications in an organization, which also uses the same OpenID Connect provider. This allows applications to share or integrate authentication from one application to another.
As mentioned above, Cognos Analytics now fully supports the OpenID Connect standard and the support is built into the Cognos Analytics application. This is the case for both on premise Cognos installations as well as Cognos Analytics in the cloud. OpenID is the direction going forward for web-based authentication providers for federating Cognos Analytics 11 with other applications. OpenID Connect combines aspects of the standards for SAML, OpenID and Oauth2. Most of the previous SAML 2 identity providers are now releasing new versions of OpenID Connect support with their products.
IBMiD is the IBM OpenID Connect provider. If your provider does not support OpenID Connect but does support SAML 2.0, you can use the IBMiD provider type to configure the namespace. This allows you to federate Cognos Analytics with most SAML 2 identity providers.
The configuration of OpenID Connection in Cognos is fairly straightforward and similar to the previously supported namespace configurations. An example of some of the issues with configuring an OpenID Connect namespace will be shown in part 2 of the OpenID Connect with Cognos Analytics article.
If you’re interested in upgrading to Cognos Analytics, here are 3 reasons to do so right now.
Ironside was founded in 1999 as an enterprise data and analytics solution provider and system integrator. Our clients hire us to acquire, enrich and measure their data so they can make smarter, better decisions about their business. No matter your industry or specific business challenges, Ironside has the experience, perspective and agility to help transform your analytic environment.