The HCL Marketing Software Authentication Provider and the HCL Cognos BI system

By default, the Cognos® system is unsecured because anyone who has access to the HCL® Cognos applications can access the data from the HCL Marketing Software application database. You can secure the Cognos system by using the HCL Marketing Software Authentication Provider.

When your HCL Marketing Software system integrates with the HCL Cognos BI system, the HCL Cognos system provides access to the HCL Marketing Software application data in the following ways:

  • From the HCL Marketing Software applications: When someone requests a report from the HCL Marketing Software interface, the HCL Marketing Software system contacts the HCL Cognos system. Cognos queries the reporting views or tables and then sends the report back to the HCL Marketing Software interface.
  • From the HCL Cognos applications: When you work with the HCL Marketing Software application data model in Framework Manager or with the reports in Report Studio, you connect to the database for the HCL Marketing Software application.

When HCL Cognos is configured to use HCL Marketing Software authentication, the HCL Marketing Software Authentication Provider that is installed on the HCL Cognos BI system communicates with the security layer of Marketing Platform to authenticate users. For access, the user must be a valid HCL Marketing Software user and must have a role that grants one of the following permissions:

  • report_system grants access to the reporting configuration options in the HCL Marketing Software interface. The ReportsSystem role grants this permission.
  • report_user grants access to the reports but not to the reporting configuration options in the HCL Marketing Software interface. The ReportsUser role grants this permission.

There are two authentication modes:

  • authenticated
  • authenticated per user

Authenticated mode

When the authentication mode is set to authenticated, the communications between the HCL Marketing Software system and the HCL Cognos system are secured at the machine level. To use the authenticated mode for a user, you must configure a report system user and identify the user in the reporting configuration settings.

When you assign the ReportsSystem role to a user, the user is granted access to all reporting functions. Store the login credentials for the HCL Cognos system in a user data source. The data source is normally named cognos_admin.

The HCL Marketing Software Authentication Provider uses the following method to authenticate the report system user:

  • Each time that an HCL Marketing Software user attempts to display a report, Marketing Platform uses the credentials that are stored in the report system user record in its communication with the Cognos system. The authentication provider verifies the user credentials.
  • When report authors log in to the HCL Cognos applications, they log in as the report system user, cognos_admin, and the authentication provider verifies the user credentials.

Authenticated per user mode

When the authentication mode is set to authenticated per user, the reports system does not use a report system user but instead evaluates the credentials of each user. The HCL Marketing Software Authentication Provider uses the following method in the authenticated per user mode:

  • Each time that an HCL Marketing Software user attempts to display a report, Marketing Platform includes the user credentials in its communication with the Cognos system. The authentication provider verifies the user credentials.
  • When report authors log in to the HCL Cognos applications, they log in as themselves and the authentication provider verifies their credentials.

With the authenticated per user mode, all users must have either the ReportsUser or the ReportsSystem role to see reports. Typically, you assign the ReportsSystem role to one or two administrators and assign the ReportsUser role to the user groups of the HCL Marketing Software users who need to see reports in the HCL Marketing Software interface.

Except for checking for a reporting permission, the authentication provider does not check for other authorization. Report authors who log in to the Cognos applications have access to all the reports on the Cognos system, no matter how their report folder permissions might be set on the HCL Marketing Software suite.