Cognos Analytics

Administration: Cognos Analytics Authentication with OneLogin OpenID

By ANTONIO MARZIANO posted 02-16-2019 10:05 AM

The purpose of this article is to provide a step-by-step guide on setting up OneLogin OpenID authentication with Cognos Analytics.
First step is to sign-up for a developer's account here  :
Assuming its setup correctly, then next step are to provision an OneLogin OIDC application.

Next is to follow these steps:

1. Log into OneLogin Administration

2. Click on "Administration"

3. Click on "Apps" and "Company Apps" or "Add Apps"

4. Search for 'oidc' and select the 'OpenId Connect (OIDC)' application

5. Give the application a name e.g. 'CASUPPORT' and click "Save". You will notice when you go back into that application that a series of tabs appear

6. Click on "Configuration" and update the 'Redirect URI's' with the Cognos Analytics Server URI

7. Click on "SSO" to capture the clientID and generate a client  secret. Make sure the 'Application Type' is "Web" and "Authentication Method" is "Basic". To generate the client secret click on "Show Client Secret" link.

8. To view the Discovery Endpoint URI click on "OpenID Provider Configuration Information" link

9. Create a new user and fill in the details

10. Click "SAVE" and then "Applications"

11. Click on the "Default" policy and then "SAVE"

12. Click on "MORE ACTIONS" and select "Change Password"

13. Provide a temporary password and then force the user to change it:

14. Confirm the user is added to the application being provisioned

At this point moving over to Cognos Analyics, created a new Generic Namespace for OpenID with the following entries:

15. Import the CA Root Certificate by downloading it

16. Run the following command line from the CA installation:

..\bin>ThirdPartyCertificateTool.bat -i -T -r COMODORSACertificationAuthority.crt -p NoPassWordSet

17. Re-open Cognos Configuration and start

Then log in


If login fails with 'AAA-OIDC-0009 The provided credentials are invalid", this could mean the user doesnt have access to the application (OneLogin):

Check the users application section which here shows its not listed or granted:

Click on Roles / Default and then "SAVE USER" button. Go back to that section to confirm the application is listed: