Cognos Analytics

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

Hi Brenda,

We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4

It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise

The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case

The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security. 

Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located

In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending

Happy to answer more questions

Sincerely

Michael Sullivan

msulliva@northshore.edu

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

Hi Brenda,

We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4

It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise

The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case

The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security. 

Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located

In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending

Happy to answer more questions

Sincerely

Michael Sullivan

msulliva@northshore.edu

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

Hi Brenda,

We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4

It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise

The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case

The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security. 

Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located

In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending

Happy to answer more questions

Sincerely

Michael Sullivan

msulliva@northshore.edu

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

Hi Brenda,

We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4

It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise

The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case

The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security. 

Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located

In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending

Happy to answer more questions

Sincerely

Michael Sullivan

msulliva@northshore.edu

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

Hi Mike,

In terms of technical ability for the average person to write a javascript program to export/import MRUs... can appreciate that most would lack the ability. The good news is I plan to publish a simple extension to achieve this in the Accelerator catalog. The extension will also provide the same support for importing/exporting favourites.

Since the tool is geared towards the actual user (and not an admin)... namespace complexities are removed since the same import/export url exists regardlesss of which user uses it.

In regards to your "PS" comments, I am not fully aware/"in the loop" of the challenges you are referring to. But, if you have not done so already, I would encourage you to submit an enhancement request. I'd be interesting in learning more about the challenge you have and seeing if there are some ways to help overcome these challenges.
If an enhancement request exists, please share the link so I can take a peek at the details. Thx.

Hi Brenda,

We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4

It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise

The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case

The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security. 

Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located

In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending

Happy to answer more questions

Sincerely

Michael Sullivan

msulliva@northshore.edu

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

What is the Accelerator catalog?

Hi Mike,

In terms of technical ability for the average person to write a javascript program to export/import MRUs... can appreciate that most would lack the ability. The good news is I plan to publish a simple extension to achieve this in the Accelerator catalog. The extension will also provide the same support for importing/exporting favourites.

Since the tool is geared towards the actual user (and not an admin)... namespace complexities are removed since the same import/export url exists regardlesss of which user uses it.

In regards to your "PS" comments, I am not fully aware/"in the loop" of the challenges you are referring to. But, if you have not done so already, I would encourage you to submit an enhancement request. I'd be interesting in learning more about the challenge you have and seeing if there are some ways to help overcome these challenges.
If an enhancement request exists, please share the link so I can take a peek at the details. Thx.

Hi Brenda,

We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4

It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise

The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case

The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security. 

Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located

In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending

Happy to answer more questions

Sincerely

Michael Sullivan

msulliva@northshore.edu

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

https://accelerator.ca.analytics.ibm.com/bi

What is the Accelerator catalog?

Hi Mike,

In terms of technical ability for the average person to write a javascript program to export/import MRUs... can appreciate that most would lack the ability. The good news is I plan to publish a simple extension to achieve this in the Accelerator catalog. The extension will also provide the same support for importing/exporting favourites.

Since the tool is geared towards the actual user (and not an admin)... namespace complexities are removed since the same import/export url exists regardlesss of which user uses it.

In regards to your "PS" comments, I am not fully aware/"in the loop" of the challenges you are referring to. But, if you have not done so already, I would encourage you to submit an enhancement request. I'd be interesting in learning more about the challenge you have and seeing if there are some ways to help overcome these challenges.
If an enhancement request exists, please share the link so I can take a peek at the details. Thx.

Hi Brenda,

We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4

It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise

The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case

The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security. 

Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located

In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending

Happy to answer more questions

Sincerely

Michael Sullivan

msulliva@northshore.edu

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.

Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.