Overview to Cognos security

The IBM® Cognos® TM1® server can authenticate users using IBM Cognos security.

Cognos security is a component of the IBM Cognos framework that manages user access to data. Cognos security manages authorization and authentication through third-party security providers, such as LDAP or Active Directory. When a user is authenticated through Cognos security, they are provided with a Cognos security "passport." This passport is then used by Cognos TM1 applications to determine the user's permissions (role and group membership) and identity.

When using Cognos security, a Cognos passport is required to connect to Cognos TM1. A user is presented with a logon screen requiring a namespace, a user name, and a password when first logging in to Cognos TM1 or any other Cognos security-enabled components. Once authenticated by Cognos security, a passport is issued to the user. This passport automatically provides the user's credentials when accessing any other Cognos security-enabled application (including Cognos TM1). Once a user connects to the Cognos TM1 server via a specific Cognos server that has been configured for common logon, no direct user input is required to access additional Cognos TM1 servers (or other Cognos applications) that are configured to reference the same Cognos server.

When a user attempts to access the Cognos TM1 server, the server validates the passport to authenticate the user. This is done by querying a Cognos server for the identity of the passport. If the passport is valid, the query returns a collection of security and authentication information for the user. This information contains the roles and groups that the user has membership to, as well as the account (user name) associated with the passport. If the user name already exists in Cognos TM1 , their existing membership will be validated against the existing Cognos TM1 groups. If the user does not exist, they are added and assigned to the appropriate user groups on the Cognos TM1 server.

After connecting to CAM, two new folders are created in the installdir directory:configuration directory has epC8ITK.ini file and the Logs directory has multiple epC8ITK_2008-03-13.log.

Parent topic: Using Cognos security with Cognos TM1