How to Set TM1 to use Cognos Security (CAM)

Configuring TM1 to use Cognos Security allows you to use your corporate directory server and move the addition and placement of users into a company-wide directory server. When TM1 is first set up or you activate a sample model, they have standard TM1 security. Sample models are Planning Sample, Proven Techniques, GO New Stores, GO Scorecards, SData, or 24Retail.

If you are using TM1 in a corporate environment, you will probably want to use Cognos Security. Then connect your TM1 models to your company’s Active Directory server.

In this post, we will walk you through the steps required to convert a TM1 model from using standard TM1 security to using Cognos CAM security. Cognos provides the link to your directory server. In technical terms, to change from Integrated Security Mode 1 to 5.

Steps to Change TM1 to use Cognos Security

The change from Native to Cognos Security (CAM) involves a few steps. They are:

  1. Modifying the configuration for the specific TM1 model
  2. Deploying and modifying BI Interop files

These are Model Specific Changes for each TM1 Model

  1. With IntegratedSecurityMode still set to 1, open TM1 Architect with TM1 native security. This adds your user to TM1 native security.
  2. Close Architect.
  3. Open TM1s.cfg and modify the setting for:
    1. ClientPingCAMPassport=900
    2. CAMPortalVariableFile=portal\variables_TM1.xml
    3. IntegratedSecurityMode to be 4.
    4. ServerCAMURI=https://cognosgatewayserver.domain.local:9300/p2pd/servlet/dispatch
    5. ClientCAMURI=https://cognosgatewayserver.domain.local/ibmcognos/cgi-bin/cognosisapi.dll
  4. Restart the TM1 service for this model.
  5. Login to Architect now using the AD connection. This will add you to the Security, Clients/Groups in the model with no rights in TM1, but you will be added!
  6. Logout of the model.
  7. Change the security mode in tm1s.cfg back to 1 and restart the service for the model. This is so you can then log in and change your Active Directory ID as an Admin).
  8. Then, log back in using TM1 native security.
  9. Open Security, Clients/Groups for the model.
  10. Find your Active Directory ID and check the ADMIN box.
  11. Save Data for the model.
  12. Change the security mode in tm1s.cfg to 5 and restart the service for the model.
  13. Finally, you can now log in using your AD login and have full control.

Deploy BI Interop Files from the TM1 Server to the BI Server(s)

The last step to convert TM1 to use Cognos Security (CAM) involves making changes directly on the BI server itself. We have written a specific guide to deploying the BI Interop files to the Cognos server. Please see this post.