Cognos - Sign-In Linked to 3rd party application, or automated to LDAP

[hauge9]

We currently have a 3rd party application that users login to run reports. We are considering rebuilding these as Cognos reports, but would still like the users to be able to run them from the other application, without having to log in again.

Anyone know of a way to link the login information between another application and Cognos?

Or...

We are currently using Active Directory for our Cognos login. Users must also login to Active Directory when logging in to their PC. Any way to send the PC login information to Cognos so they don't have to login to Active Directory again?

Any thoughts of info would be helpful. Thanks.

[ducthcogtechie]

Yes, just create an AD connector in cognos configuration, add advanced propertie "SingleSignonOption" with value "Identitymapping".
Then in IIS enable windows integrated authentication on file cognos.cgi and/or cognosisapi.dll.

You now have SSO enabled for Cognos against AD.

[hauge9]

Thanks a ton! I apologize for posting the same message in both forums...I wasn't sure in which forum the question applied.
Is there anything that needs to be done on the client/browser side? Or does that pretty much take care of it?

[ducthcogtechie]

Nope, what i described is it.

[hauge9]

I followed those steps and was able to get it to work! However, on the browser side Cognos needs to be added to the users trusted intranet sites. The worst case scenario, would be the make that the default IE setting across the company. Do you know of any way to get around this setting?

[ducthcogtechie]

You are fighting IE security here. You probably came up with a real nice fqdn for your cognos server, that is not picked up by the regular DNS as internal. Connect to http://servername/cognos8 and you will probably get in right away.
IE is responding as it should. Adding to Local intranet is lowering the security for that fqdn manually.
Have a chat with the network/window server guys to see if they can help you. if they can't, you're suck with adding the fqdn manually, or reverting back to hostname.

[kolonell]

In the Internet Options of IE (Advanced  tab) there is an option to send the authentication information to websites in other security zones as well. The default setting is to only allow that for the Intranet zone.  Not too sure about the location of the setting (either the advanced tab or Security one) and have no IE at hand to check ;-)