Hi Brenda,
We recently got OIDC working both for Cognos 11.1.7 and Cognos 11.2.4
It took a lot of work and time to make this happen; but IBM was extremely helpful. I can't offer higher praise
The biggest challenge for us was that unlike at IBM, the same person is not both an Azure administrator and a Cognos administrator. Three way webex sessions were necessary with IBM, me (the Cognos administrator) and our Azure administrator. In the end, the biggest challenge was on the Azure side, although (of course) once figured out, it seems much more trivial. We were also concerned about network security limitations at one point, but that proved unfounded in our case
The other challenge for us was that in moving to OIDC, we moved to a new namespace, meaning that everyone basically was assigned a brand new Cognos account. I manually moved everyone's My Content and carefully granted the right roles and groups. This worked for us manually because we only have 91 users and people's use of Cognos is limited and there are limited variations in security.
Another challenge is that because everyone was granted a new account, their recent activity disappeared. My solution to that was creating a spreadsheet of who had run what most recently and where that is located
In our case, this work was totally worth it to improve security. MFA is now possible. The LDAP protocol is no longer used; and we are in a better place vis-a-vis penetration testing done annually. Improving security is never ending
Happy to answer more questions
Sincerely
Michael Sullivan
msulliva@northshore.edu
------------------------------
Michael Sullivan
------------------------------
Original Message:
Sent: Wed April 10, 2024 04:30 PM
From: brenda grossnickle
Subject: Anyone using OpenID Connect with Cognos
Anyone using OpenID Connect with Cognos? Can you let me know if you got it to work or could not get it to work and what was your Cognos version. Back in 2019 we tried very hard to get it to work (we support several different version of Cognos 11) and could not. Wondering if we should give it another try.
------------------------------
brenda grossnickle
BI Programmer Analyst
FIS
------------------------------