Good morning,

we met the problem that our on premise Cognos 12 environment signed in slower and slower with the amount of Active directory groups for a user.

We also have the possibility of connecting through Azure AD. We did this already in our test environment - it's pretty fast.

But we faced the problem that all existing users, profiles and access privileges are missing now. We would have to reproduce everything one by one which makes no sense to me.

Is there any way to migrate the existing "config" from the on premise AD to the Azure AD? 

Thank you 

Daniel

Hi,

There are third-party tools that can make this process easy, but you need to pay for them. I don't think there is an out-of-the-box way to do this other than manual migration, which is difficult.

Take a look at https://www.bspsoftware.com/products/security-migrator/ for one example. I think Motio also has a similar offering (and IBM resells it also).

Cheers!
MF.

Hello @Daniel Nienaber,

Regarding: Migrate Authentication Directory

We have migrated various Authentication Directories from LDAP to AD, from one AD to another, from one LDAP to another and so on.
I can acknowledge that you will be facing issues, as the resulting UserID (AD: hashed UID, LDAP: UID) in the CS that references to the respective account will change.

We have overcome this by using cJAP as authentication provider proxy between Cognos and LDAP/AD.

So, it's quite easy and straightforward, but needs some Java and Websphere knowledge to get it up and running. Happy to help you on that.

You might need a mapping step in between, depending on your exact requirements / situation. 

We can share the code base with you - it's on our private repo.

Regarding the "speed": we implemented caching in cJap so that users, that have authenticated are only verified once in 24h against the Directory - any subsequent auth requests are answered from data stored in arrays in memory of the cJap or Cognos application.

Best regards,

Ralf

P.D. You can reach me via e-Mail ralf - ät - amvara.io