Cognos Analytics: Configuring Cognos Analytics with Azure SQL Using JWT Authentication

By Dhruva J Mazumdar posted 20 days ago

  

Introduction

This blog provides a comprehensive, step-by-step guide for configuring an Azure SQL Database hosted on Azure Cloud with IBM Cognos Analytics using the JWT authentication method. Before proceeding, it’s essential to have an OIDC namespace already set up in Cognos Analytics, as this is a prerequisite for JWT authentication. This blog assumes that the OIDC authentication namespace has been configured, so it will not cover that topic in detail. If you have not yet set up an OIDC namespace, please refer to the following documentation:

How to Configure Cognos Analytics 11.2.x with Microsoft Azure OIDC.

In this blog, we will use Azure (Microsoft Entra) as the OpenID Connect (OIDC) provider to perform JWT authentication with Cognos Analytics. If you are using a different OIDC provider, please consult the relevant vendor's documentation for guidance on integrating JWT authentication with Cognos.

While this tutorial focuses on integrating Azure SQL with Cognos Analytics using JWT, it's important to note that other configurations and providers may deliver similar results depending on your organization's needs. Though this guide outlines a specific approach, it is not the only method available for such integrations.

Overview

Technology/Applications Covered:

  • IBM Cognos Analytics 12.0.4
  • Microsoft Entra as the authentication namespace
  • Azure SQL Database

Prerequisites

  • A Microsoft Entra account
  • Cognos Analytics server configured with an Azure authentication namespace

Content Overview

A) Configuring API permissions to support requests from Azure SQL

B) Authenticating into Cognos Analytics Using the Azure Authentication Namespace

C) Configuring Dataserver connection in Cognos Analytics for JWT Authentication

Detailed Configuration Steps

A) Configuring API permissions to support requests from Azure SQL 

To get started with configuring an Azure SQL Database with Cognos Analytics, we first need to configure the correct API permission (scope), 'user_impersonation', for the application created for authentication with Cognos, so that the scope provides enough access to the particular service API on behalf of the signed-in user.

To add the user_impersonation permission to the application, navigate to App registrations and select the application created for Cognos, as shown below:

Navigate to the API Permissions section and select Add a Permission. From the top menu, choose APIs my organization uses. This will display a list of all Azure services associated with your organization. From the list, select Azure SQL Database as shown below and then add the following permissions.

Under Request API permissions for Azure SQL Database, select 'Delegated permissions' and then choose 'user_impersonation' from the permissions list, as shown below:

The image below provides an overview of how the API permissions for the application created for Cognos in Azure should appear.

B) Authenticating with Cognos Analytics Using the Azure Authentication Namespace

With the API permissions for Azure SQL configured and the web application for Cognos Analytics registered in Azure, we can now authenticate into the Cognos portal using the Azure authentication namespace, which utilizes the same client ID set during the application registration.

C) Configuring Dataserver connection in Cognos Analytics for JWT Authentication

After successfully authenticating into the Cognos portal via the Azure namespace, the next step is to configure the Data Server connection in Cognos for Azure SQL, as outlined in the implementation steps below.

1. Configure JDBC URL:

In the JDBC URL field, enter the JDBC URL for the Azure SQL Database as shown in the example below:

jdbc:sqlserver://<servername>:1433;database=<DatabaseName>;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;

Ensure that you also include the required scope:

ibmcognos.oidc.scope=https://database.windows.net/.default

This scope is necessary for establishing the Azure SQL JWT connection with Cognos Analytics, as referenced in the official documentation: IBM Cognos Analytics - Connections that support JWT authentication.

2. Set Authentication Method:

In the authentication settings, make sure the authentication method is set to "Use an external namespace". Select the Azure authentication namespace (e.g., 'AzureWizard') from the list.

3. Test the Connection:

After configuring the URL and authentication, test the connection to ensure everything is properly set up and validated.
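If the connection test fails, or before signing off on the settings, the values from sections A and C can be checked offline. The following is an added example, not part of the original blog and not IBM or Microsoft code: it lints the JDBC URL and scope from step 1 and inspects the claims of an access token. The function names, the sample server name and the sample token are constructed, and the use of the `aud` and `scp` claims to carry the audience and delegated scope is an assumption about how Microsoft Entra issues access tokens.

```python
import base64
import json

SQL_RESOURCE = "https://database.windows.net"   # resource named on this page
EXPECTED_SCOPE = SQL_RESOURCE + "/.default"      # ibmcognos.oidc.scope value

def jdbc_props(url):
    """Split a jdbc:sqlserver URL into lower-cased key/value properties."""
    prefix = "jdbc:sqlserver://"
    if not url.startswith(prefix):
        raise ValueError("not a SQL Server JDBC URL")
    pairs = (p.partition("=") for p in url[len(prefix):].split(";")[1:] if p)
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

def check_connection(url, scope):
    """Findings for the URL and scope entered in step 1 (empty list = pass)."""
    props, findings = jdbc_props(url), []
    # Require the explicit value: the driver default for encrypt varies by version.
    if props.get("encrypt", "").lower() != "true":
        findings.append("encrypt must be true")
    if props.get("trustservercertificate", "false").lower() != "false":
        findings.append("trustServerCertificate must be false")
    if scope != EXPECTED_SCOPE:
        findings.append("scope must be " + EXPECTED_SCOPE)
    return findings

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_claims(claims):
    """Findings for an access token meant for Azure SQL (empty list = pass)."""
    findings = []
    # Assumption: the audience may appear with or without a trailing slash.
    if str(claims.get("aud", "")).rstrip("/") != SQL_RESOURCE:
        findings.append("aud is not the Azure SQL resource")
    if "user_impersonation" not in str(claims.get("scp", "")).split():
        findings.append("scp lacks user_impersonation")
    return findings

def _b64(obj):  # helper used only to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample inputs (not real credentials or server names).
GOOD_URL = ("jdbc:sqlserver://example.database.windows.net:1433;database=Sales;"
            "encrypt=true;trustServerCertificate=false;loginTimeout=30;")
WEAK_URL = GOOD_URL.replace("trustServerCertificate=false", "trustServerCertificate=true")
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256", "typ": "JWT"}),
                         _b64({"aud": SQL_RESOURCE + "/", "scp": "user_impersonation"}), "sig"])
```

Calling `check_connection(WEAK_URL, "openid")` returns two findings, while `check_claims(jwt_claims(SAMPLE_TOKEN))` returns an empty list.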

Conclusion

While this blog serves as a guide for setting up JWT authentication with Cognos Analytics, it's important to note that certain steps involve 3rd-party vendors, which are beyond IBM's scope of support. The information provided in this blog aims to offer a comprehensive understanding of the configurations required to connect an Azure SQL Database to Cognos using the JWT authentication method. IBM does not assume responsibility for any changes in the technical aspects of 3rd-party vendors over time. It's recommended to refer to the respective vendor's information for updated instructions related to the tasks outlined in this blog.
