Question & Answer
Question
What are the options currently available for Multifactor Authentication with Cognos Analytics 11.1.x release?
Answer
1. Use OpenID Connect connector e.g. OIDC for OKTA, Azure, IBM ID, Google Authentication etc.
---------------------------------------------------------------------------------------------
Consider implementing separate security for external users in a separate namespace using OIDC provider.
Such OIDC providers do have built-in capabilities to offer MFA/2FA features. This will enable to integrate Cognos Analytics 11.1.x in an SSO scenario with MFA/2FA.
i. OKTA Adaptive Multi-Factor Authentication
https://www.okta.com/products/adaptive-multi-factor-authentication/
ii. Google Adding multi-factor authentication to your web app
https://cloud.google.com/identity-platform/docs/web/mfa
iii. IBM ID Types of multifactor authentication
https://cloud.ibm.com/docs/account?topic=account-types
Implement setup OIDC with Cognos Analytics 11.1.x as a namespace using the guidelines below -
OpenID Connect authentication provider
https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/c_openid_namespace.html
IBM Cognos Analytics 11.1.x, does NOT support DUO Security as an OIDC provider, however if DOU Security is capable of enabling OIDC, may consider using the Generic OIDC connector within IBM Cognos Analytics 11.1.x.
Generic OIDC provider type
https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/c_generic_oidc_type.html
2. 3rd party connector API tools to enable MFA/2FA using existing Microsoft Active Directory
--------------------------------------------------------------------------------------------
If consideration determined to use existing Microsoft Active Directory (AD) for both internal and external users, only facility available would be resource other 3rd party connector API tools which enable MFA/2FA security features.
Such 3rd party connector API tools would use separate Custom Java API Provider (CJAP) to implement SSO and MFA/2FA solutions using SAML (Secure XML).
i. Secure IBM Cognos with SAASPASS Two-Factor Authentication (2FA) and Single Sign-On (SSO) with SAML Integration
https://saaspass.com/sso/ibm-cognos-multi-factor-authentication-mfa-single-sign-on-saml/
ii. Ibm Cognos Single Sign-on (SSO) Integration
https://authdigital.com/ibm-cognos-single-sign-on
PLEASE NOTE: The information and guidance provided by IBM Cognos Support is "as-is" generic approach and no details of the integration and design solutioning to be provided. Advice specific to each customer business requirement needs, requires good understanding of the functionality requirements and existing architectural integration point topologies. Such tailored expertise and advice will be better handled and provided through an engagement process through IBM Services.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6OAAS","label":"Security-\u003EAuthentication"}],"ARM Case Number":"TS008972216","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
12 April 2022
UID
ibm16571283