The Unica Authentication Provider and the IBM Cognos® BI system

By default, the Cognos® system is unsecured because anyone who has access to the IBM Cognos® applications can access the data from the Unica application database. You can secure the Cognos® system by using the Unica Authentication Provider.

When your Unica system integrates with the IBM Cognos® BI system, the IBM Cognos® system provides access to the Unica application data in the following ways:

  • From the Unica applications: When someone requests a report from the Unica interface, the Unica system contacts the IBM Cognos® system. Cognos® queries the reporting views and then sends the report back to the Unica interface.
  • From the IBM Cognos® applications: When you work with the Unica application data model in Framework Manager or with the reports in Report Studio, you connect to the database for the Unica application.

When IBM Cognos® is configured to use Unica authentication, the Unica Authentication Provider that is installed on the IBM Cognos® BI system communicates with the security layer of Unica Platform to authenticate users. For access, the user must be a valid Unica user and must have a role that grants one of the following permissions:

  • report_system grants access to the reporting configuration options in the Unica interface. The ReportsSystem role grants this permission.
  • report_user grants access to the reports but not to the reporting configuration options in the Unica interface. The ReportsUser role grants this permission.

There are two authentication modes:

  • authenticated
  • authenticated per user

Authenticated mode

When the authentication mode is set to authenticated, the communications between the Unica system and the IBM Cognos® system are secured at the machine level. To use the authenticated mode for a user, you must configure a report system user and identify the user in the reporting configuration settings.

When you assign the ReportsSystem role to a user, the user is granted access to all reporting functions. Store the login credentials for the IBM Cognos® system in a user data source. The data source is normally named cognos_admin.

The Unica Authentication Provider uses the following method to authenticate the report system user:

  • Each time that an Unica user attempts to display a report, Unica Platform uses the credentials that are stored in the report system user record in its communication with the Cognos® system. The authentication provider verifies the user credentials.
  • When report authors log in to the IBM Cognos® applications, they log in as the report system user, cognos_admin, and the authentication provider verifies the user credentials.

Authenticated per user mode

When the authentication mode is set to authenticated per user, the reports system does not use a report system user but instead evaluates the credentials of each user. The Unica Authentication Provider uses the following method in the authenticated per user mode:

  • Each time that an Unica user attempts to display a report, Unica Platform includes the user credentials in its communication with the Cognos® system. The authentication provider verifies the user credentials.
  • When report authors log in to the IBM Cognos® applications, they log in as themselves and the authentication provider verifies their credentials.

With the authenticated per user mode, all users must have either the ReportsUser or the ReportsSystem role to see reports. Typically, you assign the ReportsSystem role to one or two administrators and assign the ReportsUser role to the user groups of the Unica users who need to see reports in the Unica interface.

Except for checking for a reporting permission, the authentication provider does not check for other authorization. Report authors who log in to the Cognos® applications have access to all the reports on the Cognos® system, no matter how their report folder permissions might be set on the Unica suite.