Authentication Providers

User authentication in IBM® Cognos® software is managed by authentication providers. Authentication providers define users, groups, and roles used for authentication. User names, IDs, passwords, regional settings, personal preferences are some examples of information stored in the providers.

If you set up authentication for IBM Cognos software, users must provide valid credentials, such as user ID and password, at logon time. In an IBM Cognos software environment, authentication providers are also referred to as namespaces, and they are represented by namespace entries Name space icon in the user interface.

IBM Cognos software does not replicate the users, groups, and roles defined in your authentication provider. However, you can reference them in IBM Cognos software when you set access permissions to reports and other content. They can also become members of Cognos groups and roles.

The following authentication providers are supported in this release:

Active Directory Server
IBM Cognos Series 7
Custom Java™ Provider
eTrust SiteMinder
LDAP
SAP
RACF®

You configure authentication providers using IBM Cognos Configuration. For more information, see the Installation and Configuration Guide.

Multiple Namespaces

If multiple namespaces are configured for your system, at the start of a session you must select one namespace that you want to use. However, this does not prevent you from logging on to other namespaces later in the session. For example, if you set access permissions, you may want to reference entries from different namespaces. To log on to a different namespace, you do not have to log out of the namespace you are currently using. You can be logged on to multiple namespaces simultaneously.

Your primary logon is the namespace and the credentials that you use to log on at the beginning of the session. The namespaces that you log on to later in the session and the credentials that you use become your secondary logons.

When you delete one of the namespaces, you can log on using another namespace. If you delete all namespaces except for the Cognos namespace, you are not prompted to log on. If anonymous access is enabled, you are automatically logged on as an anonymous user. If anonymous access is not enabled, you cannot access the IBM Cognos Connection logon page. In this situation, use IBM Cognos Configuration to enable anonymous access.

Hiding Namespaces

You can hide namespaces from users during logon. This lets you have trusted signon namespaces without showing them on the namespace selection list that is presented when users log on.

For example, you may want to integrate single signon across systems, but maintain the ability for customers to authenticate directly to IBM Cognos software without being prompted to choose a namespace.

You can hide Custom Java Provider and eTrust SiteMinder namespaces that you configured.

For more information, see the Installation and Configuration Guide.