Namespace ID Specifies a unique identifier for the authentication namespace. Use the namespace identifier to distinguish between multiple namespaces. Each namespace must have a unique identifier. When you select a namespace to use for authentication in the run-time environment, the identifier is used by the IBM Cognos components. Changing the namespace ID after the service has been started may invalidate the object security policies and the Cognos group and role memberships. The use of the colon in the Namespace ID is not supported. Base Distinguished Name Specifies the base distinguished name of the LDAP server. The product uses the base DN to identify the top level of your directory server structure. The root of the hierarchal directory structure is the starting place for all searches. You restrict searches by specifying a base DN. Time out in seconds Specifies the number of seconds permitted to perform a search request. The product uses this value when it requests authentication from the namespace on your directory server. The value depends on your reporting environment. If the duration is exceeded, the search is timed out. The default value -1 indicates that the value on the LDAP server will be used. SSL certificate database Specifies the location of the certificate database used by the directory server for SSL connections. Use this property to point to the location of the SSL certificate database for your LDAP server. Host and port Specifies the host name and port of the directory server. Use the following syntax to specify the host name and port for the directory server: host:port; for example, localhost:389. Ensure that if you use a fully qualified name for your computer that your DNS is set up to resolve it. Otherwise, you can also use the IP address. Size limit Specifies the maximum number of responses permitted for a search request. The value depends on your environment. As a general rule, the minimum value for this setting should be greater than the maximum number of groups or users plus 100. When the size limit is reached the directory server stops searching. The default value of -1 indicates that the value on the LDAP server will be used. Advanced properties Specifies a set of advanced properties. The user needs to provide the name and the value for each advanced property. Selectable for authentication? Specifies whether the namespace is selectable for authentication. If this property is set to true, the namespace will be available for authentication in the logon page namespace selection prompt. Set this value to false if the namespace should not be available for selection on the logon page. Unique identifier Specifies the value used to uniquely identify objects stored in the LDAP directory server. Specify either an attribute name or the value of 'dn' to use as the unique identifier. If an attribute is used, it must exist for all objects, such as users, groups, folders. If the 'dn' is used, more resources are used as you search deeper in the LDAP directory server hierarchy and policies may be affected if the 'dn' is renamed. Object class Specifies the name of the LDAP object class used to identify a folder. Name Specifies the LDAP attribute used for the "name" property of a folder. Object class Specifies the name of the LDAP object class used to identify a group. Member Specifies the LDAP attribute used to identify the members of a group. Account object class Specifies the name of the LDAP object class used to identify an account. Content locale Specifies the LDAP attribute used for the "contentLocale" property for an account. Name Specifies the LDAP attribute used for the "name" property for an account. Password Specifies the LDAP attribute used for the "password" property for an account. Product locale Specifies the LDAP attribute used for the "productLocale" property for an account. User name Specifies the LDAP attribute used for the "userName" property for an account. User lookup Specifies the user lookup used for binding to the LDAP directory server. Use this property to specify the string that is used to construct the fully qualified DN for authentication. All instances of '${userID}' in this string are replaced by the value typed in by the user at the logon prompt. If the string does not begin with an open parenthesis, the result of the substitution is assumed to be a DN which can be used for authentication. For example, 'uid=${userID},ou=people, base DN', where base DN is the Base Distinguished Name parameter value. If the value begins with an open parenthesis '(', the result of the substitution is assumed to be a search filter. Before binding, the provider uses the filter to get the DN for authentication. For example, '(userPrincipalName=${userID})'. A filter should be used if you have a hierarchical directory structure. Use external identity? Specifies whether to use the identity from an external source for user authentication. If this property is set to true, the user is authenticated by an external source and the user's identity is provided to the product from the external source. For example, if SSL is configured to use client certificates, the Web server sets the REMOTE_USER environment variable to the user's identity. If you set this property to true, ensure that you set the "External Identity Mapping" property. External identity mapping Specifies the mapping used to locate a user in the LDAP directory server. This property is used only if you enable the "Use External identity" property. This mapping is used to construct a DN or a search filter to locate a user in the LDAP directory server. All instances of '${environment("ENVIRONMENT_VARIABLE_NAME")' in this string are replaced by the value of the environment variable provided by the Web server. If the string does not begin with an open parenthesis, the result of the substitution is assumed to be the user's DN. For example, 'uid=${environment("REMOTE_USER")},ou=people, base DN', where base DN is the Base Distinguished Name parameter value. If the value begins with an open parenthesis '(', the result of the substitution is assumed to be a search filter. For example, '(userPrincipalName=${environment("REMOTE_USER")})'. Note that you must either enable anonymous access to the LDAP directory server or set the 'Bind user DN and password' property. Use bind credentials for search? Specifies whether to use the bind credentials to perform a search. This property only affects users who don't use the external identity mapping. If this property is set to true, the bind credentials provided in the namespace configuration will be used to perform a search in the LDAP directory server. If this flag is false or bind credentials are not presented, the authenticated user credentials will be used for searching. Allow empty password? Specifies whether empty passwords are allowed for user authentication. Set this property to true only if you specifically wish to allow empty passwords. When a user is not required to specify a password, he is authenticated as an anonymous user on the LDAP namespace, but as a named user on the Cognos namespace. Requiring passwords for authentication increases security and makes it more difficult to forge identities. By default, this property is set to false. Description Specifies the LDAP attribute used for the "description" property of a folder. Description Specifies the LDAP attribute used for the "description" property of a group. Name Specifies the LDAP attribute used for the "name" property of a group. Business phone Specifies the LDAP attribute used for the "businessPhone" property for an account. Description Specifies the LDAP attribute used for the "description" property for an account. Email Specifies the LDAP attribute used for the "email" address of the account. Fax/Phone Specifies the LDAP attribute used for the "faxPhone" property for an account. Given name Specifies the LDAP attribute used for the "givenName" property for an account. Home phone Specifies the LDAP attribute used for the "homePhone" property for an account. Mobile phone Specifies the LDAP attribute used for the "mobilePhone" property for an account. Pager phone Specifies the LDAP attribute used for the "pagerPhone" property for an account. Postal address Specifies the LDAP attribute used for the "postalAddress" property for an account. Surname Specifies the LDAP attribute used for the "surname" property for an account. Tenant ID Mapping Specifies how namespace users are mapped to tenant IDs. Specifying a value for this parameter enables multitenancy. The tenant ID for a user can be determined using a pattern or a tenant provider class. The pattern is a AAA service search path to a property which defines a tenant ID. The search path must be relative to a user account. For example: '~/ancestors[2]/defaultName'. A tenant provider class is Java class which implements the the ITenantProvider interface. For more details please consult the installation and configuration guide. Pattern Provider Class Tenant Bounding Set Mapping Specifies how the tenant bounding set is determined for a user. This parameter is used when multitenancy is enabled. The tenant bounding set for a user can be determined using a pattern or a tenant bounding set provider class. The pattern is a AAA service search path to a property which defines a tenant bounding set. The search path must be relative to a user account. For example: '˜/parameters/boundingSet'. A tenant bounding set provider class is Java class which implements the the IBoundingSetProvider interface. For more details please consult the installation and configuration guide. Pattern Provider Class Certificate location Specifies the location of trusted certificates. Use discovery endpoint? Specifies whether the Identity Provider returns a discovery document. Set this value to true if the Identity Provider supports a discovery document endpoint and fill out the discovery endpoint configuration group. Set this value to false if the Identity Provider does not support a discovery document endpoint and fill out the non-discovery endpoint configuration group. Strategy Specifies how to authenticate to the Identity Provider when invoking the token endpoint. Use client secret post if the client id and client secret should be transmitted in the request body. Use client secret basic if the client id and client secret should be transmitted in the HTTP header. Use private key JWT if the client id and a JWT client_assertion that is signed with a private key should be transmitted in the request body. Client secret post Client secret basic Private key JWT Private key file Specifies the file that contains the private signing key. The file that contains the private signing key in PKCS8 format. It must contain a single private RSA key of length 2048 bits. Private key password Specifies the private key password used to protect the private signing key. This password is required to secure the private key. It provides an extra layer of security by encrypted the private key file using a password. Private key identifier Specifies the key identifier that should be placed in the JWT header. The key identifier that will be set in the JWT 'kid' header. Use this configuration item if your identity provider requires a 'kid'. Leave this value blank if your identity provider does not require a 'kid'. Scope for authorize endpoint Specifies the scope parameter values provided to the authorize endpoint. The scope parameter values that will be added to the authorize endpoint URL for authentication. At a minimum, 'openid' must be included in the list of possible scope values. Account claims Specifies if the id_token contains all of the account claims. Set this value to token if the id_token contains all of the user claims. Set this value to userinfo if an additional call should be made to the userinfo endpoint in order to retrieve any user claims that are not part of the id_token. ID token Userinfo endpoint Signature key location Specifies the location of the signing public key or certificate. Set this value to 'File' if the signing certificate is manually downloaded from the Identity Provider as a certificate and placed on the file system. Set this value to 'JWKS endpoint' if the Identity Provider supports an endpoint for retrieving id_token signature keys. Note: if the Identity Provider does not support a discovery document but provides public keys via a JWKS endpoint, then the JWKS Endpoint must contain a valid URI for retrieving the public keys. JWKS endpoint File Strategy Specifies how to get the user's identity when using the password grant flow. Set this value to 'ID token' if all user claims are returned in the id_token. Set this value to 'ID token and userinfo endpoint' if an id_token is returned from the password grant flow but does not contain all of the user claims. Set this value to 'Userinfo endpoint' if the id_token does not contain any user claims and if the user claims should be retrieved from the userinfo endpoint. Set this value to 'Unsupported' if the Identity Provider does not support the password grant flow. ID token ID token and userinfo endpoint Userinfo endpoint Unsupported Include scope? Specifies that the scope should be included when using the password grant flow. Set this value to true to indicate that the scope parameter should be included as part of the query string for the password grant flow. Set this value to false to indicate that the scope should be omitted from the query string for the password grant flow. Additional parameters Specifies any additional parameters that are required for the password grant flow. Set this value to reflect any additional parameters that should be included as part of the query string for the password grant flow. The parameter must begin with an '&&' and must be urlencoded so that it can be safely inserted into the query string. For example, if the 'resource=https://ca.ibm.com' parameter is required in the query string, it must be entered as: '&resource=https%3A%2F%2Fca.ibm.com'. Account claims Specifies if the id_token contains all of the account claims. Set this value to 'ID token' if the id_token returned from the token endpoint contains all of the user claims. Set this value to 'Userinfo endpoint' if an additional call to the userinfo endpoint is required in order to obtain all of the user claims. ID token Userinfo endpoint Strategy Specifies the information that should be stored for scheduling jobs. Set this value to 'Credentials' if the Identity Provider supports the password grant and returns a valid id_token that contains all of the user claims in the response. Set this value to 'Credentials and ID token' if the Identity Provider supports the password grant flow but does not return a valid id_token in the response or if the id_token does not contain all of the user claims. Set this value to 'Refresh token' if the Identity Provider supports the refresh token flow, provides a non-expiring refresh token, and returns a valid id_token that contains all of the user claims from the refresh token flow. Set this value to 'ID token only' if the Identity Provider does not support the password grant nor refresh token flows (Note: when set to 'ID token only', it will not be possible to verify that the user is still exists and is enabled in the Identity Provider). Credentials Credentials and ID token Refresh token ID token only User ID and password Specifies the user ID and password that the product uses to connect to the content store. This value identifies the database user who has unrestricted access to the database. The product uses this account to access the content store. To secure the logon credentials, you can encrypt the database logon information immediately by saving your configuration. Database server and port number Specifies the host name or TCP/IP address of the computer where the content store is located. Change the value of this property if the content store is located on a remote computer or is using a port different than the current one. Database server with port number or instance name Specifies the Microsoft SQL server using host:port or host\\instancename descriptor. Use this property to specify the Microsoft SQL server with either a port or a named instance. If specifying an instance name, use a backward slash to separate the hostname from the instance name. (e.g. hostname\\instance1) Service name Specifies the service name (SID) for the Oracle database instance. Use this property so that you can connect to the Oracle instance that corresponds to the database. SID Specifies the SID for the Oracle database instance. Use this property so that you can connect to the Oracle instance that corresponds to the database. Database name Specifies the name of the database used as the content store. Enter the name of the database. The name is set when you create the database. Ensure that the value for this property corresponds to the name of the database you created. Otherwise, the product will not run. Database specifier Specifies the Oracle database with a connect descriptor. Use this property to specify the Oracle database with a Net8 keyword-value pair. Version Specifies the version of Microsoft SQL Server. SQL Server 2005 SQL Server 2008 SSL Encryption Enabled Specifies whether database connection should use SSL encryption. Use this property to enable SSL encryption of the database connection. Enabled? Use this flag to enable or disable this adapter. Adapter ID Specifies the unique ID of this adapter. The IDs of all adapter configuration instances must be unique among all adapter instances that are connected to the same Business Viewpoint server. This includes adapter instances on other computers that are connected to the same server. Database Specifies the database type for the content store. You cannot change the value of this property. It is automatically set when you choose the database type for the content store in the Explorer window. Microsoft SQL Server database Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the name of the SQL Server database. Defines the set of extra connection parameters. Microsoft SQL Server database (Windows Authentication) Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the name of the SQL Server database. Defines the set of extra connection parameters. Oracle database Defines a group of properties used to locate an existing Oracle database. Ensure that the database exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Defines the set of extra connection parameters. Oracle database (Advanced) Defines a group of properties used to locate an existing Oracle database. Specify this database connection using an Oracle TNS name description. For example, (description=(address=(host=myhost)(protocol=tcp)(port=1521))(connect_data=(sid=orcl))). Ensure that the database already exists. Defines the set of extra connection parameters. DB2 database Defines a group of properties used to locate an existing DB2 database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. When a value is specified, database connections are made directly to the database (type 4). When the value is left blank, database connections are made through the database client (type 2). Specifies the name of the DB2 database. Defines the set of extra connection parameters. Informix Dynamic Server database Defines a group of properties used to locate an existing Informix Dynamic Server database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Specifies the name of the Informix Dynamic Server database. Defines the set of extra connection parameters. External Object Store Defines an external object store. File System Defines a group of properties used to access a file system based object store. Ensure that the file system location exists and is fully accessible for the user under whose credentials the IBM Cognos service will be running. Path Specifies a set of Windows and Unix operating systems specific paths. The path must be specified using file URI scheme (i.e file://host/file-system-path). The host element in the URI can be used used to identify a Windows UNC path such as \\\\host\\share. To specify a local path the host element must be omitted (i.e. file:///c:/file-system-path). For the Unix URI the host element is not supported, a local path must be used. Relative paths such as file:///../file-system-path are not supported. For distributed IBM Cognos installations the URI locations must be accessible by all the instances. Database Specifies the database type for the content store. You cannot change the value of this property. It is automatically set when you choose the database type for the content store in the Explorer window. Microsoft SQL Server database Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the name of the SQL Server database. Specifies extra database features that can be concatenated as name=vaule pair in the connection string. Microsoft SQL Server database (Windows Authentication) Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the name of the SQL Server database. Specifies extra database features that can be concatenated as name=vaule pair in the connection string. Oracle database Defines a group of properties used to locate an existing Oracle database. Ensure that the database exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Specifies extra database features that can be concatenated as name=vaule pair in the connection string. Oracle database (Advanced) Defines a group of properties used to locate an existing Oracle database. Specify this database connection using an Oracle TNS name description. For example, (description=(address=(host=myhost)(protocol=tcp)(port=1521))(connect_data=(sid=orcl))). Ensure that the database already exists. DB2 database Defines a group of properties used to locate an existing DB2 database. Ensure that the database already exists. Generate DDL Specifies the name or TCP/IP address of the database computer. When a value is specified, database connections are made directly to the database (type 4). When the value is left blank, database connections are made through the database client (type 2). Specifies the name of the DB2 database. Enter the name of the database. Specifies extra database features that can be concatenated as name=vaule pair in the connection string. Informix Dynamic Server database Defines a group of properties used to locate an existing Informix Dynamic Server database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Specifies the name of the Informix Dynamic Server database. Enter the name of the database. Specifies extra database features that can be concatenated as name=vaule pair in the connection string. Database Specifies the database type for the content store. You cannot change the value of this property. It is automatically set when you choose the database type for the content store in the Explorer window. Microsoft SQL Server database Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the user ID and password that the product uses to connect to the Planning database. Microsoft SQL Server database (Windows Authentication) Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Oracle database Defines a group of properties used to locate an existing Oracle database. Ensure that the database exists. Specifies the user ID and password that the product uses to connect to the Planning database. Oracle database (Advanced) Defines a group of properties used to locate an existing Oracle database. Specify this database connection using an Oracle TNS name description. For example, (description=(address=(host=myhost)(protocol=tcp)(port=1521))(connect_data=(sid=orcl))). Ensure that the database already exists. Specifies the user ID and password that the product uses to connect to the Planning database. DB2 database Defines a group of properties used to locate an existing DB2 database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. When a value is specified, database connections are made directly to the database (type 4). When the value is left blank, database connections are made through the database client (type 2). Specifies the user ID and password that the product uses to connect to the Planning database. Database Specifies the database type for the content store. You cannot change the value of this property. It is automatically set when you choose the database type for the content store in the Explorer window. Microsoft SQL Server database Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the user ID and password that the product uses to connect to the database. This value identifies the database user who has unrestricted access to the database. The product uses this account to access the database. To secure the logon credentials, you can encrypt the database logon information immediately by saving your configuration. Defines the set of extra connection parameters. Microsoft SQL Server database (Windows Authentication) Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Defines the set of extra connection parameters. Oracle database Defines a group of properties used to locate an existing Oracle database. Ensure that the database exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Specifies the user ID and password that the product uses to connect to the database. This value identifies the database user who has unrestricted access to the database. The product uses this account to access the database. To secure the logon credentials, you can encrypt the database logon information immediately by saving your configuration. Defines the set of extra connection parameters. Oracle database (Advanced) Defines a group of properties used to locate an existing Oracle database. Specify this database connection using an Oracle TNS name description. For example, (description=(address=(host=myhost)(protocol=tcp)(port=1521))(connect_data=(sid=orcl))). Ensure that the database already exists. Specifies the user ID and password that the product uses to connect to the database. This value identifies the database user who has unrestricted access to the database. The product uses this account to access the database. To secure the logon credentials, you can encrypt the database logon information immediately by saving your configuration. Defines the set of extra connection parameters. DB2 database Defines a group of properties used to locate an existing DB2 database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. When a value is specified, database connections are made directly to the database (type 4). When the value is left blank, database connections are made through the database client (type 2). Specifies the user ID and password that the product uses to connect to the database. This value identifies the database user who has unrestricted access to the database. The product uses this account to access the database. To secure the logon credentials, you can encrypt the database logon information immediately by saving your configuration. Defines the set of extra connection parameters. Informix Dynamic Server database Defines a group of properties used to locate an existing Informix Dynamic Server database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Specifies the name of the Informix Dynamic Server database. Enter the name of the database. Defines the set of extra connection parameters. Database Specifies the database type for the Business Viewpoint repository. You cannot change the value of this property. It is automatically set when you choose the database type for the repository in the Explorer window. Microsoft SQL Server database Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies an instance of Microsoft SQL Server 2005 database using the following syntax: "computername:port" Specify either the name or the IP address of the database computer. You can use 'localhost' name if the database is located on the same computer. Use SQL Server Configuration Manager to determine the TCP port used by the database instance. For more information, see the Microsoft SQL Server 2005 documentation. Specifies the name of the SQL Server database. Oracle database Defines a group of properties used to locate an existing Oracle database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. DB2 database Defines a group of properties used to locate an existing DB2 database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. When a value is specified, database connections are made directly to the database (type 4). When the value is left blank, database connections are made through the database client (type 2). Specifies the name of the DB2 database. Database Specifies the Controller database type. You cannot change the value of this property. It is automatically set when you choose the Controller database type in the Explorer window. Microsoft SQL Server database Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the name of the SQL Server database. Oracle database Defines a group of properties used to locate an existing Oracle database. Ensure that the database exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Data encoding Specifies the encoding of the data stored in the LDAP directory server. If this property is set to an encoding other than UTF-8, then the data is converted from UTF-8 to the encoding you specify. The encoding must follow IANA (RFC 1700) or MIME character set specifications. For example, use windows-1252, iso-8859-1, iso-8859-15, Shift_JIS, utf-16, or utf-8. Ping timeout in seconds Specifies the maximum number of seconds to wait for a response to a ping. If the ping is not responded to within the specified time interval, the process is automatically restarted. Stop wait time in seconds Specifies the maximum number of seconds that the IBM Cognos service waits for the process to stop. After this amount of time, the process is automatically stopped. Maximum memory in MB Specifies the maximum amount of memory in MB that can be used by the process. This value determines the amount of memory used by the Java Virtual Machine and depends on how much memory is available. If this value is too high, the process will fail to start and no log information will be generated. Invoke the test action to determine if this value is valid. Shutdown port number Specifies the port the product uses to listen for a shutdown command. The port number is used by Tomcat. When you change the port, it is automatically updated in the server.xml file located in the cognos_location/tomcat/conf directory. Signing key store location Specifies the location of the key store database that contains the signing key pairs. For distributed installations, this database must exist on each computer. Signing key store password Specifies the password used to protect the signing key store database. This password provides an additional level of security not available when storing keys in files. By default, this password is immediately encrypted when you save your configuration. Encryption key store location Specifies the location of the key store that contains encryption key pairs. For distributed installations, this database must exist on each computer. Encryption key store password Specifies the password used to protect the encryption key store database. This password provides an additional level of security not available when storing keys in files. By default, this password is immediately encrypted when you save your configuration. Path Specifies the subset of URLs in a domain for which the cookie is valid. If a cookie successfully passes domain matching, the pathname component of the URL is compared to the value of this property. If the values match, the cookie is valid. The path "/" is the most general path. Domain Specifies the domain for which the cookie is valid. The domain attributes of the cookie are compared with the Internet domain name of the host from which the URL will be fetched. If the values match, the cookie is valid. Secure flag enabled? Specifies whether the cookie is sent only to secure servers. If this property is set to true, then the cookie will only be sent to HTTPS servers. If the property is set to false, the cookie can be sent over unsecured channels. Custom properties Specifies a set of custom properties. The user needs to provide the name and the value for each custom property. SMTP mail server Specifies the host name and port of the mail server computer. Use the following syntax to specify the location of the mail server: host:port. The default SMTP port on most mail servers is 25. Account and password Specifies the user id and password to log on to the mail server. If the mail server requires authentication to send messages, enter a valid user id and password. If the mail server does not require authentication, leave these values empty. Default sender Specifies the email address of the sender. This setting specifies the email address of the 'sender' of outgoing messages. Use a valid email address. Identity Provider Specifies the implementation of an OpenID Connect identity provider. Issuer Specifies the OpenID claim issuer. A string that represents the identity provider that issued the claims in the ID token. This value must match the value of the 'iss' entry in the ID token JSON document. Token Endpoint Specifies the OpenID Connect token endpoint The token endpoint is used to retrieve the identity token after a successful authentication to the OpenID Connect identity provider. Authorization Endpoint Specifies the OpenID Connect authorization endpoint. The authorization endpoint is a URL that your OpenID Connect identity provider uses for authentication. In most cases, the URL should use the https scheme. The authorization endpoint is invoked when users authenticate to the OpenID Connect identity provider. Client Identifier Specifies the OpenID Connect client identifier The client identity that is assigned to the application by the OpenID Connect identity provider. OpenID Connect client secret Specifies the client secret that is assigned to the application by the OpenID Connect identity provider. The client secret that is assigned to the application by the OpenID Connect identity provider. Identity provider certificate file Specifies the location of the certificate that is used by the OpenID Connect identity provider to sign the identity token. A path to the file that contains the certificate used by the identity provider to sign the JSON Web Token. The path must include the certificate file name and be accessible to the running instance of Cognos Analytics. The certificate must be in a PEM format, include only the public key certificate, and include the begin and end certificate lines. The certificate file cannot be placed in the configuration/certs directory. JWKS Endpoint Specifies the OpenID Connect endpoint for retrieving JWT signing keys, using the following syntax: https://<SiteMinder fully qualified hostname:port>/affwebservices/CASSO/oidc/jwks?AuthorizationProvider=<provider name> The JWKS endpoint is a URL that your OpenID Connect identity provider uses to provide signing key data. In most cases, the URL should use the https scheme. The JWKS endpoint is invoked when validating an id_token returned from the identity provider. Return URL Return URL that is configured with the OpenID Connect identity provider. The return URL is invoked by the OpenID Connect identity provider after successfully authenticating a user. The URL format is https://dispatcherHOST:dispatcherPORT/bi/completeAuth.jsp or https://webserverHOST:webserverPORT/ibmcognos/bi/completeAuth.jsp. This URL completes Cognos Analytics authentication using the OpenID Connect identity provider. Discovery Endpoint Specifies the OpenID Connect discovery endpoint The discovery endpoint is used to retrieve the OpenID Connect configuration that includes the authorization endpoint, token endpoint, jwks endpoint, and issuer. Identity claim name Specifies the name of the claim that will be provided to the target namespace. A string that represents the name of the claim from the id_token that will be provided to the target namespace. This value must be a single string value in the id_token and must exist for all account objects. Trusted environment name Specifies the environment variable name that will be used to transfer the claim to the target namespace. A string that represents the environment variable name that will be used to transfer the claim to the target namespace. This value is dependent on the target namespace type and corresponds to how the target namespace will obtain the user's identity. For example, the LDAP and Active Directory namespace types both expect the user's identity to be passed in the REMOTE_USER environment variable. Redirect namespace ID Specifies the namespace ID that will be invoked with the claim obtained from the OpenID identity provider. A string that represents the ID of the namespace that will be invoked with the claim obtained from the OpenID identity provider. This value must match the namespace ID of a configured namespace (e.g., LDAP, AD, etc). Unique identifier Specifies the value used to uniquely identify account objects. Specify either an existing Content Manager account object model property (e.g., email, username, defaultName, etc) or the name of a configured custom property. A claim must be returned for all accounts from the Identity Provider for either the Content Manager account object model property or the configured custom property. The value selected must be unique across all account objects. The value selected should be constant over time with a low probability of needing to be changed. NOTE: this value should not be changed after initial namespace configuration.

Configuration Group Defines the properties for the configuration group. Group Settings Defines a group of properties that specifies configuration group information. Use this group of properties to set the information associated with the configuration server group. Group name Specifies the name of the configuration group. A name that defines a group of installs/servers that share configuration in a configuration group. This value must be the same for all servers in the configuration group, and must be unique for each group. Different configuration groups must have a different name. A descriptive name like "inventory_production" is recommended Group password Specifies the password that enables secure communication between members of configuration group. The password must be the same for all members of the group. Group contact port Specifies the port number used for group communication and coordination on the primary configuration group member. Other CA installs use this port and group contact host as the initial way to join the configuration group Group contact host Specifies the host name of the primary configuration group member. It should be the same host as primary Content Manager install. Local Member Settings Defines a group of properties that specifies local configuration group information. Use this group of properties to set the information associated with the local member of configuration group. Member synchronisation port Specifies the local port number used for network communication that transfers and synchronizes configuration information from one server to another. It can be any free port Member coordination port Specifies the local port number used for network communication for group coordination. This port is used to discover and join a group, and to maintain an up to date list of configuration group members. On the primary CM install group contact port is the same port. Member coordination host Specifies the local host name used for network communication for group coordination. A host name that resolves to the network address that should be used to communicate with this install for group communication. The computer's network hostname is used by default. If the local machine has more than one network adapter, it may be necessary to specify the network host name or an IP address to ensure the product uses the right adapter.

TM1 Application Server Defines a group of properties for the TM1 Application Server. Maximum memory in MB Specifies the maximum amount of memory in MB that can be used by the process. This value determines the amount of memory used by the Java Virtual Machine and depends on how much memory is available. If this value is too high, the process will fail to start and no log information will be generated. TM1 Application Server Gateway URI Specifies the URI to the gateway. The gateway must be located on the same computer as a Web server. External server URI Specifies the external URI used to access the service. Specifies the external URI used to access the service when it is placed behind a firewall. This element will default to the internal service URI. Session timeout (min) Planning service portal session timeout. Specifies the length of idle time permitted before a session is terminated. Force qualified paths Force qualified paths. Force qualified paths. Notifications provider Specifies the Notifications provider. Specifies the Notifications provider, used to control the delivery of notifications. DLS: Emails will be sent (if a mail server is configured), but no notifications will appear in the Cognos Inbox. HTS: Notifications will be sent to the Cognos Inbox, and emails will also be sent if a mail server is configured. Enable Business Viewpoint Enable Business Viewpoint. Enable Business Viewpoint. Business Viewpoint URI Specifies Business Viewpoint URI. Specifies Business Viewpoint URI. Enable Scorecarding Enable Scorecarding. Enable Scorecarding. Cognos Connection Folder Name Specify the default name of the IBM Cognos folder. Used to specify the default name of the IBM Cognos folder which will be created at the Public Folders level to contain URL objects. Application definition path The path to the location of the TM1 Application definitions. This may be a UNC reference. Used to specify the location of the application definition files. User preference path The path to the location of the User preference files. Used to specify the location of the user preference files. This only applies to TM1 servers authenticated using Native TM1 security. Service configuration file path Specifies the location of the string xml files that store the TM1 Application Server configuration. Specifies the name of the folder where the string xml files are located. TM1 Application Server Dispatcher URI Specifies the URI to the dispatcher that processes requests from services on the same computer. User ID and password Specifies the user ID and password. This value identifies the planning user that has access privileges to the planning server. Services use this account to authenticate with the planning server. Namespace Specifies the namespace information. This property is optional. It specifies the namespace information required for authentication. TM1 Clients Configuration settings for TM1 Clients Provisioning URI Specifies the URI of provisioning site. Specifies the URI of provisioning site. This element will default to planning service application URI. Allow provisioned installs Specifies whether clients may be provisioned from the TM1 Application Server. Specifies whether client software may be provisioned to end user machines. Allow provisioned updates Specifies whether existing clients may be updated from the TM1 Application Server. Specifies whether existing client software on end user machines may be updated if the TM1 Application Server is updated. Enable publish from Cognos Insight Enable publish from Cognos Insight. Enable publish from Cognos Insight. Cognos Insight ping frequency (seconds) Specifies the frequency that the Cognos Insight pings TM1 Application Server. Specifies the frequency that the Cognos Insight client, in 'Contributor mode' pings the TM1 Application Server. Default is 30 seconds. Start Starting TM1 Application Server Stop Stopping TM1 Application Server TM1 Excel service Defines a group of properties for the TM1 Excel service TM1 Excel service support TM1 Web with Export to Excel capabilities. Start Starting TM1 Excel service Stop Stopping TM1 Excel service Install Registering TM1 Excel service Uninstall Unregistering TM1 Excel service TM1 Admin Server Defines a group of properties for the TM1 Admin Server. TM1 Admin Server host port number Specifies the TCP port number used by TM1 Admin Server for unsecured communication. TM1 Admin Server SSL port number Specifies the TCP port number used by TM1 Admin Server for secured (SSL) communication. Support non-SSL clients? Specifies if the TM1 Admin Server supports non-SSL TM1 clients. Set the parameter to true to configure TM1 Admin Server to support non-SSL clients and to listen for client connections on both secured (SSL) and unsecured ports. If set to false TM1 Admin Server will support only SSL client connections on the secured port. Diffie-Hellman 2048 bit key file location Specifies the location of the Diffie-Hellman 2048 bit key file. The full path of the file that contains a pre-generated Diffie-Hellman 2048 bit key. The generation of Diffie-Hellman parameters can be computationally expensive. To minimize the consumption of resources and to reduce the amount of time required to load the TM1 server, the Diffie-Hellman 2048 bit key should be pre-generated and stored in a file that is read when the TM1 Admin Server starts. Diffie-Hellman 1024 bit key file location Specifies the location of the Diffie-Hellman 1024 bit key file. The full path of the file that contains a pre-generated Diffie-Hellman 1024 bit key. The generation of Diffie-Hellman parameters can be computationally expensive. To minimize the consumption of resources and to reduce the amount of time required to load the TM1 server, the Diffie-Hellman 1024 bit key should be pre-generated and stored in a file that is read when the TM1 Admin Server starts. Diffie-Hellman 512 bit key file location Specifies the location of the Diffie-Hellman 512 bit key file. The full path of the file that contains a pre-generated Diffie-Hellman 512 bit key. The generation of Diffie-Hellman parameters can be computationally expensive. To minimize the consumption of resources and to reduce the amount of time required to load the TM1 server, the Diffie-Hellman 512 bit key should be pre-generated and stored in a file that is read when the TM1 Admin Server starts. Certificate file location Specifies the location of the certificate file. The full path of the TM1 Admin Server certificate file, which contains the public/private key pair. Certificate revocation file location Specifies the location of the certificate revocation file. The full path of the TM1 Admin Server certificate revocation file. A certificate revocation file will only exist in the event a certificate had been revoked. Export TM1 Admin Server certificate? Specifies whether the TM1 Admin Server certificate should be exported from the Windows certificate store. If the parameter value is true the TM1 Admin Server certificate is exported from the Windows certificate store when the certificate is requested by the TM1 Admin Server. You must also set the following TM1 Admin Server parameters: 'TM1 Admin Server export key ID', 'TM1 Admin Server certificate ID', 'TM1 Admin Server private key password file location', 'TM1 Admin Server password key file location', 'TM1 Admin Server certificate authority file location'. For details on using your own security certificates and exporting certificates from the Windows certificate store, see Using Independent Certificates topic in TM1 Operation Guide. TM1 Admin Server export key ID Specifies the identity key used to export the TM1 Admin Server certificate from the Windows certificate store. This parameter is used only if you use the certificate store. TM1 Admin Server certificate ID Specifies the name of the principal to whom the TM1 Admin Server certificate is issued. TM1 Admin Server private key password file location Specifies the location of the private key password file. The full path of the file that contains the encrypted password for the TM1 Admin Server private key. TM1 Admin Server password key file location Specifies the location of the password key file. The full path of the file that contains the key used to encrypt and decrypt the password for the private key. TM1 Admin Server certificate authority file location Specifies the full path to the certificate authority file. TM1 Admin Server IP support Specifies the Internet Protocol(s) which the TM1 Admin Server will support. IPv4 IPv6 Dual (IPv4 and IPv6) Activity interval in seconds Specifies the interval in seconds wherein the TM1 Server will notify the TM1 Admin Server that it is active. Inactivity timeout in seconds Specifies the interval in seconds that the TM1 Server is allowed to be inactive before it is removed from the TM1 Admin Server. TM1 Admin Server Certificate Version Specifies which version of the TM1 generated SSL certificates to use. By default, the 1024-bit encryption version of the TM1 generated certificates is used. Change this parameter only if you want to use the new 2048-bit encryption version of the default certificates. You can use the new version with old and new TM1 clients, but you must configure the clients to use the new certificate authority file. This parameter does not apply if you are using your own SSL certificates. Valid values include: 1 = certificate authority to enable 1024-bit encryption with sha-1 (default value); 2 = certificate authority to enable 2048-bit encryption with sha-256. Start Starting TM1 Admin Server Stop Stopping TM1 Admin Server Register Registering the TM1 Admin Server service.

TM1 Server Defines a group of properties for the TM1 Server. TM1 Server instances TM1 Server instance Defines a group of properties for a TM1 Server instance. TM1 Server configuration path Specifies the path to the TM1 configuration file. The TM1 Server configuration file is tm1s.cfg. It contains configuration settings such as DataDirectory and ServerName. This path can be absolute or relative to the IBM Cognos installation's bin directory or bin64 directory in 64-bit installations (e.g. C:\\Program Files\\IBM\\Cognos\\TM1\\bin). Start Starting TM1 Server Stop Stopping TM1 Server Register Registering the TM1 Server service. Unregister Unregistering the TM1 Server service.

Maximum file attachment size in MB This parameter specifies the maximum size of a file attachment that can be uploaded to the Business Viewpoint server. A value of 0 indicates that the maximum size is unlimited. Tomcat Server Defines a group of properties for the Tomcat application server. Business Viewpoint web application runs under the Tomcat server. HTTP/1.1 port number Specifies the TCP port number on which the Tomcat server listens for client connections. SSL HTTP/1.1 port number Specifies the TCP port number on which the Tomcat server listens for SSL client connections. Use SSL port Specifies if all requests sent to the default port have to be rerouted to SSL port Shutdown port number Specifies the TCP port number on which the Tomcat server listens for a shutdown request. Session timeout in minutes Specifies the time between client requests before the servlet container invalidates the session. A value of -1 indicates the session should never timeout. Start Starting Tomcat Stop Stopping Tomcat

Business Viewpoint Repository Business Viewpoint Repository properties. Specifies the database type for the Business Viewpoint repository. Notification Defines a group of properties that provides access to a mail server account. Use this group of properties to configure an account from which all notifications are sent. Default Reply-To Address Specifies the email address for Reply-To. This setting specifies the email address of the 'Reply-To' of outgoing messages. Use a valid email address.

Business Viewpoint Server Defines a group of properties for IBM Cognos Business Viewpoint server. Use these properties to specify connection information for the main Business Viewpoint server. Server host Specifies the name of the Business Viewpoint server machine. Server port number Specifies the TCP port number on which the Business Viewpoint server listens for client connections. Business Viewpoint Client Adapters Defines the adapters for IBM Cognos Business Viewpoint Client. Use these properties to configure the Business Viewpoint Client adapters. Adapter Specifies the adapter type. You cannot change the value of this property. It is automatically set when you choose the type of a new adapter. Relational Database Defines a group of properties for the Business Viewpoint Client Relational Database adapter. Analyst Defines a group of properties for the Business Viewpoint Client Analyst adapter. Version Specifies the version of IBM Cognos Analyst. 8.1 8.3 8.4 8.4.1 10.1 or 10.1.1 User name and password Specifies the user name and password to log on to IBM Cognos Analyst. User credentials are required for Analyst versions 7.3 and 8.1. For more recent versions, this parameter is not necessary. Namespace Specifies the IBM Cognos Analyst namespace. The namespace is required for Analyst versions 7.3 and 8.1. For more recent versions, this parameter is not necessary. Contributor prior to version 8.4 Defines a group of properties for the Business Viewpoint Client Contributor adapter (Contributor prior to version 8.4). User Import Location Specifies a location from where the user will import the e.List, access table, and rights to Contributor Administration Console (exported from the Business Viewpoint server using Business Viewpoint Client). User Export Location Specifies a location to which the user will export the e.List, access table, and rights from Contributor Administration Console, which will then be imported to the Business Viewpoint server using Business Viewpoint Client. Contributor version 8.4 or later Defines a group of properties for the Business Viewpoint Client Contributor adapter (Contributor version 8.4 or later). IBM Cognos dispatcher URI Specifies the IBM Cognos dispatcher URI. IBM Cognos namespace ID Specifies the IBM Cognos namespace. IBM Cognos user name and password Specifies the IBM Cognos user name and password. Controller Defines a group of properties for the Business Viewpoint Client Controller adapter. Controller user name Specifies the Controller user name. Specifies the Controller database parameters. IBM InfoSphere Master Data Management Server Defines a group of properties for the adapter that you use to move data between IBM InfoSphere Master Data Management Server and IBM Cognos Business Viewpoint. IBM InfoSphere Master Data Management Server Database connection string The location where data is stored when it is loaded into IBM Cognos Business Viewpoint Studio. IBM InfoSphere Master Data Management Server Staging Database connection string The location where data is written when updating data from IBM Cognos Business Viewpoint Studio to IBM InfoSphere Master Data Management Server. TM1 Defines a group of properties for the Business Viewpoint Client TM1 adapter. TM1 Version Specifies the version of IBM Cognos TM1. 9.4 9.5 or later TM1 Server name Specifies the name of the TM1 Server. TM1 Admin host Specifies the name of the TM1 Admin server machine. TM1 user name and password Specifies the user name and password for the TM1 server that uses TM1 native authentication. IBM Cognos gateway URI Specifies the IBM Cognos gateway URI for CAM authentication. To use Cognos Access Manager (CAM) security for IBM Cognos TM1 9.4 or higher, enter the gateway information. This box is optional. If you leave it blank, you will be prompted to enter the gateway URI when you start the TM1 adapter. IBM Cognos namespace ID Specifies the IBM Cognos namespace for CAM authentication. To use Cognos Access Manager (CAM) security for IBM Cognos TM1 9.4 or higher, enter the name of the namespace. This box is optional. If you leave it blank, you will be prompted to enter the namespace when you start the TM1 adapter. IBM Cognos user name and password Specifies the IBM Cognos user name and password for CAM authentication. To use Cognos Access Manager (CAM) security for IBM Cognos TM1 9.4 or higher, enter the user name and password that all users will use. This box is optional. If you leave it blank, you will be prompted to enter the user name and password when you start the TM1 adapter. CSV files Defines a group of properties for the Business Viewpoint Client CSV files adapter. CSV file location Specifies a directory on the file system where you want to store the CSV files. The directory is used to export and import the CSV files to and from the Business Viewpoint server. Ensure the directory already exists. Transformer Defines a group of properties for the Business Viewpoint Client Transformer adapter.

Authentication Defines general properties related to authentication that apply to all users. Use this group of properties to set the security environment that all users share, regardless of user identity or role, or authentication provider. Inactivity timeout in seconds Specifies the maximum number of seconds that a user's session can remain inactive before they must re-authenticate. Use this property to automatically log off the user after a set period of inactivity. Ensure that the period is appropriate for both security and convenience considerations. Allow session information to be shared between client applications? Specifies whether a client application can share session information with another client on the same machine. To establish a single signon between multiple clients on the same machine, session information must be shared between the applications. However, for security reasons it may not be desirable to allow single signon. This parameter has no impact on integrated windows authentication. Restrict access to members of the built-in namespace? This parameter allows administrators to restrict user access to the application. When this parameter is enabled, users can only access the application if they belong to at least one group or role within the built-in namespace (does not include the group "All Authenticated Users"). Automatically renew trusted credential Specifies whether the user's trusted credential is automatically renewed after logging on. You can set this property off, set it to the primary namespace only, or set it to all namespaces. Off Primary namespace only All namespaces Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Namespace Specifies the type of security used for authenticating users. You cannot change the value of this property. It is automatically set when you choose the namespace type in the Explorer window. Active Directory Defines a group of properties that allows the product to access an Active Directory namespace for user authentication. Use this group of properties to allow the product to access an existing Active Directory authentication provider. Use the following syntax to specify the host name and port for the directory server:host:port; for example, localhost:389. Ensure that if you use a fully qualified name for your computer that your DNS is set up to resolve it. If you specifically wish to use SSL for the connection to the Active Directory Server, the server name must match the name specified in the certificate and the server port must be the SSL port. Binding credentials Specifies the credentials ( userID and password ) used to bind to the Active Directory Server to find out the detail authentication failure reason when the authentication failed. This value corresponds to an Active Directory Server user who has search and read privilege to the user of the Active Directory Server. Application Tier Components sAMAccountName Specifies the sAMAccountName of the user running Application Tier Components. This value must be set if you are using Kerberos authentication with constrained delegation and IBM Cognos BI is installed on Microsoft Windows operating systems. DQM Service Principal Name Specifies the full DQM Service Principal Name, exactly as it is in the keytab file. This value must be set if you use Kerberos Authentication with Single Sign On (Active Directory) for Dynamic Query Mode, and you don't create explicit Kerberos Login Module configuration. DQM will create the configuration using this value, and a default name and location for the keytab file - configuration\ibmcognosba.keytab. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify properties for user entries. Use this set of custom properties to define additional account information. Cognos Defines a group of properties related to authentication that applies to all users. Use this group of properties to control access to resources based on user identity. Do not delete the namespace, or you will not be able to save your configuration. To restore the namespace, right-click Authentication, click New, Namespace Type, select the Cognos Namespace from the list of available types and specify a name. Allow anonymous access? Specifies whether anonymous access is allowed. By default, anonymous authentication process doesn't require the user to provide logon credentials. The anonymous authentication uses a pre-defined account under which all anonymous users are logged in. Disable use of Content Manager? LDAP - General default values Defines a group of properties that allows the product to access an LDAP server for user authentication. Use this group of properties to provide access to an existing LDAP server. LDAP Bind user DN and password Specifies the credentials used for binding to the LDAP server when performing a search using the user lookup property, or when performing all operations using the external identity mapping. This value corresponds to an LDAP user who has read and search access to the user branch of the LDAP directory server. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Folder mappings (Advanced) Groups properties that are used to set advanced folder mappings. Use this group of properties to identify your LDAP object class for corporate entries. Group mappings (Advanced) Groups properties that are used to set advanced group settings. Use this group of properties to identify your LDAP object class for group entries. Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. LDAP - Default values for Active Directory Defines a group of properties that allows the product to access an LDAP server for user authentication. Use this group of properties to provide access to an existing LDAP server. LDAP Bind user DN and password Specifies the credentials used for binding to the LDAP server when performing a search using the user lookup property, or when performing all operations using the external identity mapping. This value corresponds to an LDAP user who has read and search access to the user branch of the LDAP directory server. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Folder mappings (Advanced) Groups properties that are used to set advanced folder mappings. Use this group of properties to identify your LDAP object class for corporate entries. Group mappings (Advanced) Groups properties that are used to set advanced group settings. Use this group of properties to identify your LDAP object class for group entries. Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. LDAP - Default values for IBM Tivoli Defines a group of properties that allows the product to access an LDAP server for user authentication. Use this group of properties to provide access to an existing LDAP server. LDAP Bind user DN and password Specifies the credentials used for binding to the LDAP server when performing a search using the user lookup property, or when performing all operations using the external identity mapping. This value corresponds to an LDAP user who has read and search access to the user branch of the LDAP directory server. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Folder mappings (Advanced) Groups properties that are used to set advanced folder mappings. Use this group of properties to identify your LDAP object class for corporate entries. Group mappings (Advanced) Groups properties that are used to set advanced group settings. Use this group of properties to identify your LDAP object class for group entries. Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. LDAP - Default values for Oracle Directory Server Defines a group of properties that allows the product to access an LDAP server for user authentication. Use this group of properties to provide access to an existing LDAP server. LDAP Bind user DN and password Specifies the credentials used for binding to the LDAP server when performing a search using the user lookup property, or when performing all operations using the external identity mapping. This value corresponds to an LDAP user who has read and search access to the user branch of the LDAP directory server. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Folder mappings (Advanced) Groups properties that are used to set advanced folder mappings. Use this group of properties to identify your LDAP object class for corporate entries. Group mappings (Advanced) Groups properties that are used to set advanced group settings. Use this group of properties to identify your LDAP object class for group entries. Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. IBMid Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. W3ID Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Google Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Ping Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. SalesForce Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. ADFS Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. IBM Cloud Identity Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. OKTA Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Azure AD Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. MS Identity Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Site Minder Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Specifies the OpenID claim issuer. The value looks like: https://<SiteMinder fully qualified hostname> Specifies the OpenID Connect token endpoint, using the following syntax: https://<SiteMinder fully qualified hostname:port>/affwebservices/CASSO/oidc/token Specifies the OpenID Connect authorization endpoint, using the following syntax: https://<SiteMinder fully qualified hostname:port>/affwebservices/CASSO/oidc/authorize Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your LDAP object class for user entries. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Generic Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Discovery endpoint configuration Groups properties that are used to set the discovery endpoint configuration. Use this group of properties if your Identity Provider supports a discovery document and if you have configured the namespace to use a discovery document. Non-discovery endpoint configuration Groups properties that are used to set the non-discovery endpoint configuration. Use this group of properties if your Identity Provider does not support a discovery document and if you have configured the namespace not to use a discovery Specifies the OpenID Connect token endpoint, using the following syntax: https://<hostname:port>/<path> Specifies the OpenID Connect authorization endpoint, using the following syntax: https://<hostname:port>/<path> Application configuration Groups properties that are used to set the application configuration. Use this group of properties to configure your Identity Provider's application settings. Identity provider authentication Groups properties that are used to set authentication configuration. Use this group of properties to configure how your Identity Provider behaves when invoking the authorize and token endpoints. Token endpoint authentication Groups properties that are used to specifies how to authenticate to the Identity Provider when invoking the token endpoint. Use this group of properties to configure how your Identity Provider behaves when invoking the token endpoints. Client secret Token signature verification Groups properties that are used to set token signature verification configuration. Use this group of properties to configure how the namespace provider finds the keys that are used to verify the id_token signature. Specifies the OpenID Connect endpoint for retrieving JWT signing keys. Password grant Groups properties that are used to set password grant flow configuration. Use this group of properties to configure how your Identity Provider behaves when invoking the password grant flow. Scheduling credentials Groups properties that are used to set scheduling credential configuration. Use this group of properties to configure how the namespace provider behaves when creating trusted credentials for scheduled tasks. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Account mappings (Advanced) Groups properties that are used to set advanced account settings. Use this group of properties to identify your OIDC claims for user entries. Account claim encoding Specifies if the claims in the id_token are URL encoded. Set this value to URL encoded if the claims in the id_token are URL encoded. Set this value to Not encoded if the claims in the id_token are not encoded. URL encoded Not encoded Business phone Specifies the OIDC claim used for the "businessPhone" property for an account. Content locale Specifies the OIDC claim used for the "contentLocale" property for an account. Description Specifies the OIDC claim used for the "description" property for an account. Email Specifies the OIDC claim used for the "email" property for an account. Fax/Phone Specifies the OIDC claim used for the "faxPhone" property for an account. Given name Specifies the OIDC claim used for the "givenName" property for an account. Home phone Specifies the OIDC claim used for the "homePhone" property for an account. Member of Specifies the OIDC claim used for the "memberOf" property for an account. Mobile phone Specifies the OIDC claim used for the "mobilePhone" property for an account. Name Specifies the OIDC claim used for the "name" property for an account. Pager phone Specifies the OIDC claim used for the "pagerPhone" property for an account. Postal address Specifies the OIDC claim used for the "postalAddress" property for an account. Product locale Specifies the OIDC claim used for the "productLocale" property for an account. Surname Specifies the OIDC claim used for the "surname" property for an account. User name Specifies the OIDC claim used for the "userName" property for an account. Use this set of custom properties to define additional account information. The "name" field corresponds to the property name set in the account while the "value" corresponds to the claim name in the id_token. IBMid Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy W3ID Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy Google Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy Ping Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy SalesForce Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy ADFS Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy IBM Cloud Identity Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy OKTA Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID Connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy MS Identity Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy Azure AD Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy Site Minder Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy Specifies the OpenID claim issuer. The value looks like: https://<SiteMinder fully qualified hostname> Specifies the OpenID Connect token endpoint, using the following syntax: https://<SiteMinder fully qualified hostname:port>/affwebservices/CASSO/oidc/token Specifies the OpenID Connect authorization endpoint, using the following syntax: https://<SiteMinder fully qualified hostname:port>/affwebservices/CASSO/oidc/authorize Generic Defines a group of properties that allows the product to use an OpenID Connect identity provider for user authentication. Set the values for this group of properties to allow the product access to your existing OpenID connect identity provider. This external resource must already exist in your environment and be configured to use for authentication. OpenID Connect Authentication Proxy Discovery endpoint configuration Groups properties that are used to set the discovery endpoint configuration. Use this group of properties if your Identity Provider supports a discovery document and if you have configured the namespace to use a discovery document. Non-discovery endpoint configuration Groups properties that are used to set the non-discovery endpoint configuration. Use this group of properties if your Identity Provider does not support a discovery document and if you have configured the namespace not to use a discovery Specifies the OpenID Connect token endpoint, using the following syntax: https://<hostname:port>/<path> Specifies the OpenID Connect authorization endpoint, using the following syntax: https://<hostname:port>/<path> Application configuration Groups properties that are used to set the application configuration. Use this group of properties to configure your Identity Provider's application settings. Identity provider authentication Groups properties that are used to set authentication configuration. Use this group of properties to configure how your Identity Provider behaves when invoking the authorize and token endpoints. Token endpoint authentication Groups properties that are used to specifies how to authenticate to the Identity Provider when invoking the token endpoint. Use this group of properties to configure how your Identity Provider behaves when invoking the token endpoints. Client secret Token signature verification Groups properties that are used to set token signature verification configuration. Use this group of properties to configure how the namespace provider finds the keys that are used to verify the id_token signature. Specifies the OpenID Connect endpoint for retrieving JWT signing keys. Password grant Groups properties that are used to set password grant flow configuration. Use this group of properties to configure how your Identity Provider behaves when invoking the password grant flow. Scheduling credentials Groups properties that are used to set scheduling credential configuration. Use this group of properties to configure how the namespace provider behaves when creating trusted credentials for scheduled tasks. SAP Defines a group of properties that allows the product to use an SAP server for user authentication. Set the values for this group of properties to allow the product access to your existing SAP server. This external resource must already exist in your environment and be configured to use for authentication. SAP logon client Specifies the name of the SAP logon client. Specifies the SAP client number. Host Specifies the host name of the SAP server. Use this property so that you can connect to the computer that runs one or more SAP instances. SAP system number Specifies the SAP system number. The number must be an integer between 0 and 99. SAP BW Server Code Page Specifies the SAP BW server code page used to convert user credentials to the correct encoding. Use this property to convert the user ID and password from UTF8 encoding to the encoding used by the SAP server. To enable single signon, specify the same SAP Code page in the portal on the Data Sources page for the SAP BW connection string. SAP CP 1100: Western European (ISO 8859-1: Latin-1) SAP CP 1160: Western European (Windows-1252: Latin-1) SAP CP 1401: Central and Eastern European (ISO 8859-2: Latin-2) SAP CP 1404: Central and Eastern European (Windows-1250: Latin-2) SAP CP 1610: Turkish (ISO 8859-9) SAP CP 1614: Turkish (Windows-1254) SAP CP 1700: Greek (ISO 8859-7) SAP CP 1704: Greek (Windows-1253) SAP CP 1800: Hebrew (ISO 8859-8) SAP CP 8000: Japanese (Shift-JIS) SAP CP 8300: Traditional Chinese (Big5) SAP CP 8400: Simplified Chinese (GB2312) SAP CP 8500: Korean (KSC5601) SAP CP 8600: Thai (Windows-874) SAP CP 4110: Unicode (UTF-8) SAP CP 4102: Unicode (UTF-16 Big Endian) SAP CP 4103: Unicode (UTF-16 Little Endian) Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. IBM Cognos Series 7 Defines a group of properties that allows the product to access a IBM Cognos Series 7 namespace. Use this group of properties to provide access to your existing IBM Cognos Series 7 authentication source. This external resource must already exist in your environment and be configured to use for authentication. Namespace name Specifies the name of the IBM Cognos Series 7 namespace. Ensure that the namespace is available. Specifies the maximum number of seconds in which a connection to the directory server must be established. The product uses this value when it binds or re-binds to the directory server. A value of 0 indicates that the timeout is determined by the network connectivity software. The default value (10) sets the number of seconds that the Series7 provider waits for the bind operation to complete Use this property to specify the encoding of data stored in the LDAP directory server. If this property is set to an encoding other than UTF-8, then conversion of the data from the encoding specified will be performed. The encoding value must follow IANA (RFC 1700) or MIME charset specifications. For example, windows-1252, iso-8859-1, iso-8859-15, Shift_JIS, utf-8, etc. If the Series 7 namespace version is 16.0 or greater, then this value must be set to UTF-8. If the Series 7 namespace version is 15.2 or lower, then this value must be set to the encoding of the system used to update the Access Manager data. To determine the namespace version, launch the Series 7 Access Manager - Administrator tool. Logon to the appropriate namespace, right click on the namespace name, and choose properties. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Cookie settings Defines a group of properties that allows single sign-on between IBM Cognos Series 7 and IBM Cognos products. Set this group of properties to allow users to access multiple IBM Cognos products without having to re-enter authentication data. These property values must match the cookie settings you specified for your Series 7 installation. SiteMinder Defines a group of properties that allows the product to access a CA SiteMinder installation for user authentication. Use this group of properties to provide access to an existing CA SiteMinder installation. SiteMinder agent Defines a group of properties that specifies agent information. Use this group of properties to identify the information specific to a SiteMinder agent. Agent name Specifies the agent name as registered with the Policy Server. This property is case-sensitive. Shared secret Specifies the shared secret registered with the Policy Server for this agent. This property is case-sensitive. SiteMinder Policy Server Defines a group of properties that allows the product to access a list of SiteMinder Policy Servers for user authentication. Use this group of properties to provide access to an existing pool of SiteMinder Policy Servers. Failover mode enabled? Specifies whether to use fail over. If this property is set to true, when a connection fails, a new connection is made to the list of servers in the specified order. Set this value to false to access the Policy Servers in a round-robin configuration. SiteMinder Policy Server Defines a group of properties to identify the information specific to a SiteMinder Policy Server. Use this group of properties to provide access to an existing SiteMinder Policy Server. SiteMinder Policy Server Defines a group of properties to identify the information specific to a SiteMinder Policy Server. Use this group of properties to provide access to an existing SiteMinder Policy Server. Host Specifies the host name of the Policy Server. Ensure that if you use a fully qualified name for your computer that your DNS is set up to resolve it. Otherwise, use the IP address. Minimum number of connections Specifies the minimum number of TCP connections. Use this property to specify the initial number of TCP connections. Maximum number of connections Specifies the maximum number of TCP connections. Use this property to specify the maximum number of TCP connections. Number of connections increment Specifies the increment by which the number of TCP connections will be increased. Use this property to specify the number of TCP connections that will be added, when necessary. Request timeout in seconds Specifies the maximum number of seconds to wait for the agent to get a response from the Policy Server. Use this property to specify the number of seconds until it is determined that the agent cannot reach the Policy Server. Authentication port Specifies the authentication port of the SiteMinder Policy Server. Use this property to specify the authentication port that the Policy Server uses to listen for an agent connection. Authorization port Specifies the authorization port of the SiteMinder Policy Server. Use this property to specify the authorization port that the Policy Server uses to listen for an agent connection. Accounting port Specifies the accounting port of the SiteMinder Policy Server. Use this property to specify the accounting port that the Policy Server listens for an agent connection. User directory Defines a list of mappings between the SiteMinder user directory and an the authentication namespace. The name must match the name of the user directory specified in the SiteMinder Policy Server. SiteMinder user directory Specifies the user directory name specified in the SiteMinder Policy Server. Use this list to specify the mappings between a SiteMinder user directory and a the authentication namespace. The name must match the name specified for user directory in the SiteMinder Policy Server. Namespace ID reference Specifies a reference to a unique identifier for an authentication namespace. Use the namespace reference to uniquely identify an authentication namespace. Custom Java Provider Defines a group of properties that allow the product to use a custom Java authentication provider for user authentication. Set the values for this group of properties to provide access to your existing Java authentication provider. This external resource must already exist in your environment and be configured to use for authentication. Java class name Specifies the Java class name of the authentication provider to use for authentication. Set the value of this property to the name of your Java class name. This class and its dependents must be in the Java CLASSPATH. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. RACF Defines a group of properties that allows the product to access a RACF server for user authentication. Use this group of properties to provide access to an existing RACF server. Specifies the base distinguished name of the RACF server. Enable identity mapping Specifies whether to use the identity mapping for user authentication. Binding credentials Specifies the credentials used for binding to the RACF server when performing a search or when performing all operations using the identity mapping. This value corresponds to a RACF user who has read and search access to the user branch of the RACF directory server. Enable SSL? Specifies that the RACF server expects SSL communication. Use this property to specify if SSL should be used when communicating with the RACF server. The value depends on your environment. As a general rule, the minimum value for this setting should be greater than the maximum number of groups or users plus 100. When the size limit is reached the directory server stops searching. The default value of -1 indicates that the value on the RACF server will be used. The product uses this value when it requests authentication from the namespace on your directory server. The value depends on your reporting environment. If the duration is exceeded, the search is timed out. The default value -1 indicates that the value on the RACF server will be used. Multitenancy Groups properties that are used to configure multitenancy settings. Use this group of properties to specify how tenant and tenant bounding set information is identified. Account mappings (Advanced) A Group of properties that is used to set advanced account settings. Use this group of properties to set your advanced mapping for user profiles. Base segment DATA Specifies the account property that will be mapped to the RACF Base Segment field, "DATA". None Business phone Email Fax phone Given name Home phone Mobile phone Pager phone Postal address Surname TSO segment USERDATA Specifies the account property that will be mapped to the RACF TSO Segment field, "USERDATA". None Business phone Email Fax phone Given name Home phone Mobile phone Pager phone Postal address Surname Cryptography Defines a group of properties that enables secure communication between the product components and data encryption. To use a cryptographic provider that already exists in your environment, you must delete the default provider. You can only use one cryptographic provider at a time. Right-click Cryptography, click New and then click Provider to use a different cryptographic provider. After you select the provider, you can use this group of properties to protect the information in your system from unauthorized access. Standards conformance Specifies the cryptographic standard that IBM Cognos should enforce. Use this property to specify what cryptographic standard should be enforced in this install. This parameter may cause the save operation to fail if other parameters are changed to values not allowed in the selected standard. NIST SP 800-131A IBM Cognos CSK settings Defines a group of properties that allows components to access the common symmetric key store. Use this group of properties to create the database that stores and manages the common symmetric key and to specify its location and the password used to protect access to it. Store symmetric key locally? Specifies whether the common symmetric key can be stored on the local computer. If this value is set to false, then the Common Symmetric Key (CSK) is not stored locally. In this case, each cryptographic operation requiring the CSK must fetch it from the server. Common symmetric key store location Specifies the location of the common symmetric key store database. For distributed installations, set this property to point to the computer where you created the key store. The key store is in a global location to provide access from different computers. Common symmetric key store password Specifies the password used to protect the common symmetric key store database. This password provides an additional level of security not available when storing keys in files. By default, this password is immediately encrypted when you save your configuration. Common symmetric key lifetime in days For servers running Content Manager, specifies the maximum number of days that the CSK is valid. The validity period that you set for the CSK depends on a number of factors, such as the sensitivity of your data. Provider Specifies the cryptographic provider used by the product. The value of this property is set when you select the cryptographic provider from the list of available types. You cannot change the value of this property. Cognos Defines a group of properties for the Cognos cryptographic provider. Configure these properties to set the encryption services and CA service for all components accessing a single content store. Confidentiality algorithm Specify the confidentiality algorithm. Use this property to specify the encryption algorithm when transmitting information. PDF Confidentiality algorithm Specify the PDF confidentiality algorithm. Use this property to specify the encryption algorithm when encrypting PDF data. Supported ciphersuites Specifies a list of supported ciphersuites in priority sequence. Use this property to specify what ciphersuites are acceptable in this install. The selected ciphersuites are then presented to the SSL negotiation in priority sequence for both client and server sides of the negotiation. At least one of the selected ciphersuites between configured client and server platforms must match. Key store password Specifies the password used to protect the key store. This password is required to secure the IBM Cognos keystore. It provides an extra layer of security by encrypting the keystore file using a password. Identity name Defines a group of properties that establishes the identity of the local computer. These properties define the Distinguished Name (DN) of the local computer. A distinguished name (DN) is a unique identifier and is a fully qualified name that is required to specify the owner and issuer of a certificate. Server common name Specifies the common name (CN) portion of the distinguished name (DN) for this computer. An example of a common name is the host name of the computer. Organization name Specifies the organization name (O) used in the distinguished name (DN). An example of an organization is MyCompany. Country or region code Specifies the two-letter country or region code used in the distinguished name (DN). For example, the code for Japan is JP. Certificate Authority settings Defines a group of properties for the Certificate Authority. Use this group of properties to configure the Certificate Authority service. Use third party CA? Specifies whether to use an external Certificate Authority. If this value is set to true, the IBM Cognos Certificate Authority service is not used. A third party Certificate Authority will manually process certificate requests. Certificate Authority service common name Specifies the common name (CN) portion of the distinguished name (DN) for the Certificate Authority service computer. An example of a common name is the host name of the computer. Do not use localhost. Password Specifies the password used to validate certificate requests sent to the Certificate Authority service. This property must be the same for clients using the Certificate Authority and the Certificate Authority service itself. For example, the password you specify for IBM Cognos installations that do not have Content Manager must match the password you specify for the installation that has Content Manager. The Certificate Authority service is installed with the Content Manager. By default, this password is immediately encrypted when you save your configuration. Certificate lifetime in days Specifies the maximum number of days that a certificate signed by the Certificate Authority service is valid. The validity period that you set for certificates depends on a number of factors, such as the strength of the private key used to sign the certificate. Subject Alternative Name Defines a group of properties for the Subject Alternative Name extension. Use this group of properties to configure Subject Alternative Name that is associated with the security certificate. DNS names A space-separated list of DNS names that are added to the Subject Alternative Name extension in the server certificate. At least one DNS name should be added to the certificate. The name should match the fully qualified host name that is used to connect to the server. Specifies the DNS names that are added to the Subject Alternative Name extensions in the server certificate. IP addresses A space-separated list of IP addresses that will be added to the Subject Alternative Name extension in the server certificate. This property is only required if clients will be connecting to this server using an IP address. Otherwise, it can be left empty. Specifies the IP addresses that are added to the Subject Alternative Name extensions in the server certificate. E-mail addresses A space-separated list of e-mail addresses that are added to the Subject Alternative Name extension in the server certificate. If no e-mail addresses are required, this property can be left empty. Specifies the e-mail addresses that are added to the Subject Alternative Name extensions in the server certificate. SSL settings Defines a group of properties for configuring advanced SSL settings. Use these properties to configure secure communication between IBM Cognos components over secure sockets layer (SSL). Use mutual authentication? Specifies whether mutual authentication is required. Set the value of this property to 'true' if both components or computers involved in the communication must prove their identity. Mutual authentication is carried out by using certificates, which are exchanged by the communicating components at the time they initiate connections. Use confidentiality? Specifies whether to use encryption to ensure confidentiality of all transmitted information. If the value of this property is set to 'false', information that is transmitted will not be encrypted. SSL Protocols Select protocol of SSL connection. Note: If you select 'TLS1.2,TLS1.1,TLS1.0' option, it will enable TLS1.0. Please contact the JRE vendor for information on disabling TLS1.0. TLS1.2 JVM trust store password Specifies the password for JVM trust store. Change to your own password if you don't want to use the default password of JVM trust store. Ensure that the password matches the password of your JVM trust store. Advanced algorithm settings Defines a group of properties for configuring cryptographic algorithms. Use these advanced properties to specify the cryptographic algorithms to use. Digest algorithm Specifies the digest algorithm. Use this property to specify the message digest algorithm that is used when hashing data. MD5 MD2 SHA SHA-1 SHA-256 SHA-384 SHA-512 Signing key pair algorithm Specifies the signing key pair algorithm. Use this property to specify the algorithm that is used when signing data. RSA DSA (Digital Signature Algorithm) Replication Defines general properties related to replication of user session data. Use this group of properties to set the settings for IBM Cognos authentication services to enable user session replication. Enable replication? Specifies whether user session replication is enabled. Use this property to enable or disable user session data replication across authentication services. Peer listener port number Specifies the port used for peer discovery. A value of 0 means that the server will select an available port automatically. When a value other than 0 is specified, ensure that you specify a port that is not already in use. The port communication uses mutually authenticated SSL/TLS protocol. RMI replication port number Specifies the port used for RMI communication. A value of 0 means that the server will select an available port automatically. The RMI port is the communication port used by the Java Remote Method Invocation API. When a value other than 0 is specified, ensure that you specify a port that is not already in use. The port communication uses mutually authenticated SSL/TLS protocol.

Deployment files location Specifies the location where deployment archives are stored. Because a deployment archive can contain sensitive information, for security reasons you may wish to restrict access to this location.

Content Manager Defines a component that manages content and security policies. Content Manager must be able to connect to an external database that stores content. Save report outputs to a file system? Specifies whether to save report outputs to a file system through the Content Manager Advanced Setting (i.e. CM.OUTPUTLOCATION). Use this flag to enable/disable the feature to save report outputs to a file system by Content Manager Service. Please note that this feature is completely different than the new report run option to archive a report output to a file system by Delivery Service. Report output formats that you can save include: PDF, CSV, XML, Excel 2002, and HTML which do not have embedded graphics. Report outputs that you cannot save include: HTML fragment, XHTML, or Excel 2000 single sheet formats.

Mobile Defines a group of properties used to connect to the mobile database. Use these properties to specify the type of database for Mobile and the connection information required to access it. Mobile supports DB2, SQL Server and Oracle. To do this, right-click Mobile, click New resource, Database, select the database type and then configure the resource properties. Specifies the database type for the mobile content store.

Notification Defines a group of properties that provides access to a mail server account or to IBM Cognos content. Use this group of properties to configure an account from which all notifications are sent. The Notification component also requires access to a database that will be used to store Notification content. This means that in a distributed installation all Notification components must point to the same database. To do this, right-click Notification, click New, Database and then type a name and select the database type. If the Notification component is on the same computer as Content Manager, you are not required to configure a database resource for the Notification component. Specifies the database type for the Notification. Specifies whether mail server connection should use SSL encryption. Use this property to enable SSL encryption for mail server connection.

Human Task and Annotation Services Defines a group of properties that provides access to Human Task and Annotation Services content. Use this group of properties to configure the access to the database that will be used to store Human Task and Annotation Services content. Specifies the database type for the Human Task and Annotation Services.

Local Configuration Groups related properties into functional areas for the components installed on the local computer. After you install one or more IBM Cognos components on your computer, you must configure them to work in your reporting environment. Default property settings chosen by IBM, are used to configure the components. You may want to change these default settings if there are conditions that make the default choices inappropriate, or to better suit your environment. Use IBM Cognos Configuration to configure IBM Cognos components after you install them, reconfigure IBM Cognos components if a property changes or you add components to your environment, or to start or stop the IBM Cognos service on the local computer. After you make the changes, save your configuration and then start the IBM Cognos service to apply new settings to your computer. Logging Groups logging related properties. Configure these properties to provide access to the log server and specify where the local log server sends messages. You can configure the local log server to redirect messages to any number of destinations of any available type, such as a file, a database or a remote log server. Tuning Presentation Environment Groups environment related properties. Configure these properties so that installed components can communicate with other IBM Cognos components installed on remote computers. Also use these properties to define settings that are specific to this computer, such as where to store IBM Cognos files. Security Groups security related parameters. Configure these properties to ensure secure communication between IBM Cognos components, to set the security environment that all users share, and to enable encryption. Data Access Groups data access related properties. Configure these properties so that installed components can use an external database to store IBM Cognos application content and security information. Notification Groups notification related properties. If you want to send reports by email, set these properties to provide access to a mail server account. Administrator Override Groups administrator override related properties. Configure these properties to override default system settings.

Data files location Specifies the location where data files created by the product components are stored. You can't delete these files. These files remain on your computer until they are no longer required by the component that created them. Map files location Specifies the location of the folder that contains the IBM Cognos map files (*.cmf). IBM Cognos map files contain drawing information and localized strings used when rendering maps. Temporary files location Specifies the location of the folder that contains recently viewed reports. The product creates temporary files each time you open a report. The product stores these temporary files in the location you specify. The product may not delete all temporary files when it closes and they may remain on your computer until you delete them. Encrypt temporary files? Specifies whether the content of temporary files is encrypted. If recently viewed reports contain sensitive data, set the value of this property to 'true' to encrypt the content of temporary files. Format specification file location Specifies the name and location of a file that contains format specifications. Supported product locales Specifies the list of supported languages for the product interface. Enter a set of 2-character lowercase language code, such as "en". Supported content locales Specifies the list of supported locales for the content of reports, prompts, data, and metadata. Enter a set of 2-character lowercase language-region codes, separated by a hyphen, such as "en-us". Product locale map Specifies the mappings that determine the supported languages for the product interface. Enter a set of 2-character lowercase language code, such as "en". Content locale map Specifies the mappings that determine which locale will be used for the content of reports, prompts, data, and metadata. Enter a set of 2-character lowercase language-region codes, separated by a hyphen, such as "en-us". Supported currencies Specifies the list of supported currencies. Enter a set of ISO 4217 currency codes, such as "USD". Supported fonts Specifies the list of supported fonts. Enter a set of font names, such as "Arial". Sort buffer size in MB Specifies the sort buffer size to use for local processing. Queries which are not processed entirely within a database server may require local processing that involves sorting. Sorting operations use a memory buffer which will overflow to temporary storage for larger sort operations. Increasing the sort memory can improve performance by reducing the number of read and write operations to the temporary storage. Allocating too much memory to concurrent sorting operations may impact the memory management of the operating system. Advanced settings Specifies advanced settings. Enter advanced settings. URI of the BPM server Specifies the REST URI of the BPM server. Enter the REST URI of the BPM server. HTTPOnly Cookie Support Instruct browsers to not allow scripts access to the passport session cookie. Use this property to enable the HTTPOnly attribute on the passport session cookie. When set, the HTTPOnly attribute informs the browser that the session cookie cannot be accessed by browser scripts. Enabling this attribute ensures that the session cookie is more robust against Cross Site Scripting (XSS) attacks. IP Version for Host Name Resolution Specifies the IP version for host name resolution. Use this property to specify the internet protocol version for host name resolution. Use IPv4 addresses Use IPv6 addresses Use JVM preferred IP version Gateway Settings Defines a group of properties that specifies gateway information. Use this group of properties to set the information associated with the gateway. Gateway URI Specifies the URI to the gateway. Use the 'https' or 'http' protocol to select SSL or non-SSL communication. The host name portion of the gateway URI must be changed from localhost to an IP address or a network host name. Gateway namespace Specifies the Namespace ID of the authentication provider to which the gateway connects to verify user credentials. Use this property so that the gateway connects to one namespace. Users logged onto the Web server where the gateway is located are not prompted to choose an authentication source. By default, the gateway uses all configured namespaces and you are prompted to select a namespace. Content Manager sAMAccountName Specifies the sAMAccountName of the user running Content Manager. This value must be set if you are using kerberos authentication with constrained delegation and IBM Cognos BI is installed on Microsoft Windows operating systems. Allow namespace override? Setting this property to true authenticates requests from the Portal Services portlets against the specified namespace for the third-party portal. When integrating IBM Cognos portlets within a third-party portal, it is often a requirement to enable single signon to automatically authenticate users. When enabling single signon, the Allow Namespace Override parameter in IBM Cognos Configuration must be set to true. Additionally, within the third-party portal, a parameter must be set in the IBM Cognos portlets to explicitly point to one distinct namespace ID. The Allow Namespace Override parameter notifies the IBM Cognos portlets to use the namespace defined within the third-party portal for single signon. If you are not using IBM Cognos' portlets within a third-party portal, this setting should remain false. For more information on how to enable single signon for third-party portals, see the Portal Services Administration chapter of the IBM Cognos Administration and Security Guide. Dispatcher URIs for gateway Specifies one or more URIs to Dispatchers that the Gateway may use. This property is used by the gateway to send requests to IBM Cognos. The first dispatcher in the list is the default dispatcher to which requests will be sent. If the first dispatcher becomes unreachable, the second dispatcher in the list becomes the default dispatcher, and so on. The URI values must match External dispatcher URI of dispatchers in your installation except they must also have '/ext' at the end. They must specify a network host name or IP address rather than 'localhost'. Controller URI for gateway Specifies the URI to the IBM Cognos Controller server, if present. This property is used by the gateway to send requests to IBM Cognos Controller server. Dispatcher Settings Defines a group of properties that specifies dispatcher information. Use this group of properties to set the information associated with a dispatcher. External dispatcher URI Specifies the URI to the dispatcher that processes requests from a gateway or service on a remote computer. This property defines the HTTP endpoint through which the dispatcher receives requests that originate on other computers. It identifies this dispatcher to other dispatchers that are part of the same installation. Use the 'https' or 'http' protocol to select SSL or non-SSL communication. Specify a vacant port number. The dispatcher will use the computer's network hostname by default. In some cases it may be necessary to specify the network host name or an IP address. If the host name portion of the URI is set to 'localhost', ensure that 'localhost' is defined on the computer. Internal dispatcher URI Specifies the URI to the dispatcher that processes requests from services on the same computer. This property defines the HTTP endpoint through which the dispatcher receives requests from the local computer. It must have the same value as External dispatcher URI unless you choose to use SSL only for external requests. In that case, External dispatcher URI will specify 'https' and Internal dispatcher URI will specify 'http', and the port numbers must be different. The hostname portion of the URI must refer to the local computer. If the host name portion of the URI is set to 'localhost', ensure that 'localhost' is defined on the computer. Dispatcher password Specifies the password that enables secure communication between Dispatchers. This property is case-sensitive. External JMX port Specifies the port number to the JMX administration interface. Set the value to 0 to disable the interface. External JMX credential Specifies a username and password for securing the JMX administration interface. Be sure to configure a port in addition to setting a username and password. Report Server execution mode Specifies the Report Server execution mode. The 64-bit mode is applicable only to 64-bit installations. 32-bit 64-bit Web Service settings Defines a group of properties that specifies web service information. Use this group of properties to set the information associated with a web service. Web Service Host Specifies the host name of the web service. Use this property so that you can connect to the computer that runs the web service. Web Service port number Specifies the port used by the web service. Ensure that you specify a port that is not already in use. Enable SSL? Specifies whether SSL protocol is used for web service http endpoint. If you set the value of this property to true, SSL is used for web service http endpoint. Web Service URI Specifies the end point URI of the web service. This property defines the end point URI of the web service. Ping Path Specifies the URI path to ping this web service. This property defines the URI path to ping this web service. Dataset Service Settings Defines a group of properties that specifies dataset service information. Use this group of properties to set the information associated with a dataset service. Dataset Service port number Specifies the port used by the dataset service. Ensure that you specify a port that is not already in use. Compute Service port number Specifies the port used by the Compute service. Ensure that you specify a port that is not already in use. This entry accepts non-negative numeric values in the following range [0, 65535]. If the user chooses '0', then Compute Service will use dynamic port assignment. In any other case Compute Service will respect the port provided. Other URI Settings Defines a group of properties that specifies URI information. Use this group of properties to set other URI information. Dispatcher URI for external applications Specifies the URI used by the Framework Manager, Metrics Designer, Dynamic Query Analyzer or SDK to send requests to IBM Cognos. The value typically corresponds to the External dispatcher URI of one of the dispatchers in your installation. It must use the real network host name or IP address instead of localhost. If Framework Manager, Metrics Designer, Dynamic Query Analyzer or SDK clients connect to IBM Cognos through an intermediary like a load balancer or proxy, specify the host and port of the intermediary. This property is used by Framework Manager when publishing models, by Metrics Designer when creating metrics, by Dynamic Query Analyzer when querying Content Manager or send request to Dynamic Query Cube, and by SDK developers when querying Content Manager for output. IBM Cognos must be able to locate a gateway or dispatcher running on a Web server that supports chunking and attachments to handle large volumes of data. If there is no firewall between Framework Manager, Metrics Designer, Dynamic Query Analyzer or SDK users and IBM Cognos, components use the default setting. If there is a firewall, you must have access to at least one Web server that supports chunking outside of the firewall. The http or https protocol prefix indicates if SSL is required. Content Manager URIs Specifies one or more URIs to the Content Manager. Use the 'https' or 'http' protocol to select SSL or non-SSL communication. This property is used by dispatchers and services to send requests to the Content Manager. If you are using Standby Content Manager functionality, enter the URIs of all Content Managers. If the host name portion of the URI is set to 'localhost', ensure that 'localhost' is defined on the computer. Data Manager SOAP Server URI Specifies the URI to the Data Manager SOAP Server. Font Settings Defines a group of properties that specifies font information. Use this group of properties to set font information. Physical fonts locations Specifies the locations of font files. Physical fonts map Specifies the mapping of supported fonts to physical font names. Enter a set of font names, such as "Sans Serif" and "Arial". Fonts to embed (batch report service) Specifies the fonts that may be embedded in a PDF document by the batch report service. The decision to always or never embed a font in a PDF document is based on whether embedding was allowed and if the document used characters that are not part of the windows-1252 character encoding. Fonts to never embed (batch report service) Specifies the fonts that may not be embedded in a PDF document by the batch report service. The decision to not embed a font in a PDF document is based on whether the embedding was allowed and if the document used characters that are not part of the windows-1252 character encoding. Fonts to embed (report service) Specifies the fonts that may be embedded in a PDF document by the report service. The decision to always or never embed a font in a PDF document is based on whether embedding was allowed and if the document used characters that are not part of the windows-1252 character encoding. Fonts to never embed (report service) Specifies the fonts that may not be embedded in a PDF document by the report service. The decision to not embed a font in a PDF document is based on whether the embedding was allowed and if the document used characters that are not part of the windows-1252 character encoding. General Server locale Specifies the server locale. The server locale is set using the language selected during installation, but can be changed. This property ensures all log messages are written in one language determined by server locale. If the data in the log is in multiple languages, you may want to override this value so that messages are logged using UTF8 encoding. To do this, set the value of the UTF8 encoding property to true for the Logging component. Server time zone Specifies the time zone used by Content Manager. Use this property to identify the time zone used by Content Manager. Time zones are used as the time reference in schedules and other system times. Default font Specifies the font used in PDF reports when no fonts can be found in the stylesheet to display the data. Use one of the globally supported font names. Email Encoding Specifies the email encoding. The specified encoding will be used for subject and body text when sending email. This has no effect on attachments or the HTML body. UTF-8 Western European (ISO 8859-1) Western European (ISO 8859-15) Western European (Windows-1252) Central and Eastern European (ISO 8859-2) Central and Eastern European (Windows-1250) Cyrillic (ISO 8859-5) Cyrillic (Windows-1251) Turkish (ISO 8859-9) Turkish (Windows-1254) Greek (ISO 8859-7) Greek (Windows-1253) Japanese (Shift-JIS) Japanese (ISO-2022-JP) Japanese (EUC-JP) Traditional Chinese (Big5) Simplified Chinese (GB-2312) Korean (ISO 2022-KR) Korean (EUC-KR) Korean (KSC-5601) Thai (Windows-874) Thai (TIS-620) Archive Location File System Root Specifies the absolute URI used as the root for all archive locations using the file URI addressing scheme. This URI must be of the form file://(file-system-path) where (file-system-path) identifies an existing file system location (example: file://d:/archive; file://../archive (relative paths are relative to the IBM Cognos bin directory); file://\\\\share\\folder (for Windows share)). By default, this URI is not configured which means the function to archive report output to file system is disabled. Alias Roots Specifies one or more alias roots. Each alias root specifies a location on file system to be used as a root folder. The locations use the file URI addressing scheme. For each alias root, the user must specify a URI for either Windows or Unix. If users will be accessing the same root from both Windows and Unix machines, both types of URI's must be specified. The URIs must be in the form of file://server/file-system-path where server identifies the server name of a network resource and file-system-path is an absolute path which identifies an existing file system location. The server element is supported only for Windows URIs and is used to identify a Windows UNC paths such as \\\\server\\share. To specify a local path the host element must be omitted. For example, on Windows file:///c:/file-system-path and on Unix file:///file-system-path. Relative paths such as file:///../file-system-path are not supported. Cookie Settings Defines a group of properties that specifies cookie settings. Use this group of properties to set cookie settings.

overrideOptions Accessibility support for reports serviceDefaultOptions

Audit logging level for adaptive analytics service Minimal Basic Request Trace Full Audit logging level for annotation service Minimal Basic Request Trace Full Audit logging level for agent service Minimal Basic Request Trace Full Audit logging level for batch report service Minimal Basic Request Trace Full Audit the native query for batch report service Specifies whether the native query is logged. Set this value to true, native queries will be logged. When false they are not logged. Audit logging level for the Content Manager Cache Service Minimal Basic Request Trace Full Audit logging level for Content Manager service Minimal Basic Request Trace Full Audit logging level for data advisor service Minimal Basic Request Trace Full Audit logging level for data integration service Minimal Basic Request Trace Full Audit logging level for the dispatcher Minimal Basic Request Trace Full Audit logging level for data movement service Minimal Basic Request Trace Full Audit logging level for delivery service Minimal Basic Request Trace Full Audit logging level for event management service Minimal Basic Request Trace Full Audit logging level for EV service Minimal Basic Request Trace Full Audit logging level for graphics service Minimal Basic Request Trace Full Audit logging level for human task service Minimal Basic Request Trace Full Audit logging level for interactive discovery visualization service Minimal Basic Request Trace Full Audit logging level for job service Minimal Basic Request Trace Full Audit logging level for mobile service Minimal Basic Request Trace Full Audit logging level for metadata service Minimal Basic Request Trace Full Audit logging level for Metrics Manager service Minimal Basic Request Trace Full Audit logging level for migration service Minimal Basic Request Trace Full Audit logging level for monitor service Minimal Basic Request Trace Full Audit logging level for planning administration console service Minimal Basic Request Trace Full Audit logging level for planning data service Minimal Basic Request Trace Full Audit logging level for PowerPlay service Minimal Basic Request Trace Full Audit logging level for planning job service Minimal Basic Request Trace Full Audit logging level for planning Web service Minimal Basic Request Trace Full Audit logging level for presentation service Minimal Basic Request Trace Full Audit logging level for query service Minimal Basic Request Trace Full Enable query execution trace Specifies whether information tracing the execution of queries should be recorded in a log file. Enable query planning trace Specifies whether information tracing the development of query plans should be recorded in a log file. Generate comments in native SQL Specifies whether comments in native SQL are recorded in a log file. Write model to file Used for diagnostics, specifies whether the query service should write the model to a file when a query is executed. Audit logging level for report data service Specifies the auditing level for the Report data service. Minimal Basic Request Trace Full Audit logging level for relational metadata service Minimal Basic Request Trace Full Audit logging level for report service Minimal Basic Request Trace Full Audit the native query for report service Specifies whether the native query is logged. Set this value to true, native queries will be logged. When false they are not logged. Audit logging level for repository service Minimal Basic Request Trace Full Audit logging level for system service Minimal Basic Request Trace Full

Logging Defines a group of properties for the log server. Use this group of properties to provide access to the log server and specify where the log server sends log messages. The log server can direct messages to any number of destinations of any available type, such as a file, a database or a remote log server. Local log server port number Specifies the port used by the local log server. Ensure that you specify a port that is not already in use. Enable TCP? Specifies whether to use TCP protocol for communication between the product components and the log server. If you set the value of this property to true, a TCP (Transmission Control Protocol) connection is used to communicate with the log server. TCP guarantees the delivery of packets in the same order in which they were sent. If you set this property to false, UDP (User Datagram Protocol) connection is used. Local log server worker threads Specifies the maximum number of threads available on the local log server to manage incoming log messages. Enter a value between 1 and 20. The higher the number of threads, the more memory allocated to processing messages. Destination Specifies a unique instance of a device to which the log server directs messages. The value of this property specifies the destination to which the log server directs messages generated by the product. You cannot change the value of this property. It is automatically set when you choose the destination type for logging in the Explorer window. Database Defines a group of properties that allows the log server to direct messages to a database. To direct log messages to a database, add a new database destination to the logging component using the shortcut menu. Then configure the connection string properties for the database by using the shortcut menu to select the database type. You can use the content store as a destination. The database can be located on a remote computer. For distributed installations, you can use one central database to store log messages. Database Specifies the database type for the log server. You cannot change the value of this property. It is automatically set when you choose the database type for the log server in the Explorer window. Microsoft SQL Server database Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the user ID and password that the product uses to connect to the logging database. Specifies the name of the SQL Server database. Defines the set of extra connection parameters Microsoft SQL Server database (Windows Authentication) Defines a group of properties used to locate an existing database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. You can use 'localhost' if the database is located on the same computer. If there is more than one instance of Microsoft SQL Server running on the database computer, use the following syntax: "computername:port" or "computername\\instancename", where the port is determined using the SQL Network Utility or SQL Enterprise Manager. For more information, see the Microsoft SQL Server documentation. Specifies the name of the SQL Server database. Defines the set of extra connection parameters Oracle database Defines a group of properties used to locate an existing Oracle database. Ensure that the database exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Specifies the user ID and password that the product uses to connect to the logging database. Defines the set of extra connection parameters Oracle database (Advanced) Defines a group of properties used to locate an existing Oracle database. Specify this database connection using an Oracle TNS name description. For example, (description=(address=(host=myhost)(protocol=tcp)(port=1521))(connect_data=(sid=orcl))). Ensure that the database already exists. Specifies the user ID and password that the product uses to connect to the logging database. Defines the set of extra connection parameters DB2 database Defines a group of properties used to locate an existing DB2 database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. When a value is specified, database connections are made directly to the database (type 4). When the value is left blank, database connections are made through the database client (type 2). Specifies the user ID and password that the product uses to connect to the logging database. Specifies the name of the DB2 database. Enter the name of the database. Defines the set of extra connection parameters Informix Dynamic Server database Defines a group of properties used to locate an existing Informix Dynamic Server database. Ensure that the database already exists. Specifies the name or TCP/IP address of the database computer. The default value "localhost" indicates that the database is on this computer. Specifies the name of the Informix Dynamic Server database. Enter the name of the database. Defines the set of extra connection parameters File Defines a group of properties that allows the log server to direct messages to a file. By default, all log messages are directed by the log server to a file stored on the local computer. Not all log statements or messages indicate problems; some messages are purely informational, while others help diagnose problems. Log file location Specifies the name and location of a file that contains log statements or messages. Maximum size of log file in MB Specifies the maximum size of the log file in MB. When this limit is exceeded, a new backup file is created. Enter a number between 1 and 50. Maximum number of full log files Specifies the maximum number of backup log files. When the limit is exceeded, the oldest log file is deleted. Each backup file is created using a sequential file extension. For example, 'filename.1', 'filename.2'. Use UTF8 encoding? Specifies whether to use UTF-8 character set encoding for log messages. Set this value to true to use UTF-8 encoding. Otherwise, native encoding is used. Syslog Defines a group of properties that allows the log server to direct messages to the syslog. Not all log statements or messages indicate problems; some messages are purely informational, while others help diagnose problems. Syslog host name Specifies the host name of the computer where the system log is stored. If you use a fully qualified name, ensure that your network is set up to resolve it. Syslog facility Specifies the service areas under which you can log messages. Use this property to list log statements for the facility (hardware device, protocol, or a module or system software) that produces the messages. KERN USER MAIL DAEMON AUTH SYSLOG LPR NEWS UUCP CRON AUTHPRIV FTP LOCAL0 LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7 Print syslog facility? Specifies whether the syslog facility is printed as part of the log message. Set this property to true to ensure the log message includes the facility name. Event log Defines a group of properties that allows the log server to direct messages to the Windows Event log. Not all log messages indicate problems; some messages are informational, while others help diagnose problems. NT Event log source Specifies the name of the source application that generated the message. Use this property to change the name of source. For example, you may find it useful to use IBM Cognos component names. By default, the application name is IBM Cognos. Remote log server Defines a group of properties that configures a TCP connection to the remote log server. Use a remote log server to collect and merge log messages from the log server on each computer in a distributed environment. All log messages are sent by local components to the local log server and then directed to the remote log server. Remote log server host name and port Specifies the host name and port of the remote log server. The remote log server is located on another computer. Use the following syntax: host:port. Remote log server reconnection delay Specifies the maximum number of seconds to wait between failed connection attempts to the remote log server. Set the value of this property to zero to disable reconnection attempts. Enable SSL? Specifies whether SSL protocol is used to communicate with the remote log server. If you set the value of this property to true, SSL is used and encryption is enabled for communication with the remote log server.

Metadata Information Service URI Specifies the URI to the Metadata Information Service. The value for this parameter can be a relative or an absolute URI. The parameter is a relative URI if the value starts with a '/' character. In this case the URI is relative to the URI value of the "Gatteway" parameter. To use an external metadata service specify an absolute URI to that service. IBM Business Glossary URI Specifies the URI to the IBM Business Glossary service.

Processing capacity Specifies the processing capacity of this dispatcher relative to any other dispatchers in the group of dispatchers. Use the capacity to indicate the relative speed of each computer in the group. For example, if the first dispatcher is twice as fast as the second, set the capacity of the first to 2.0 and the capacity of the second to 1.0. Incoming requests will be directed to these dispatchers in the same relative proportion (2-to-1); that is, the first dispatcher will receive two-thirds of the requests. Load balancing mode Weighted Round Robin Cluster Compatible Temporary objects location Defines the location of temporary objects created during an Interactive Report runs Content Store Server File System Temporary objects lifetime Defines the life span of temporary objects saved on Local File System during Interactive Report runs Server group Number of high affinity connections for the adaptive analytics service during non-peak period Specifies the number of connections that a adaptive analytics service process can use to execute high affinity requests. Use this property to limit the number of high affinity requests that can be executed concurrently by a adaptive analytics service process. High affinity requests are requests that are tightly associated with a particular process. These requests are typically executed faster than low affinity requests. Maximum execution time for the adaptive analytics service (seconds) Specifies the maximum number of elapsed seconds that a request is allowed to run before being cancelled by the dispatcher. The default value of 0 means no limit is applied. Maximum number of processes for the adaptive analytics service during non-peak period Specifies the maximum number of adaptive analytics service processes that a dispatcher can start at any one time. Number of low affinity connections for the adaptive analytics service during non-peak period Specifies the number of connections that a adaptive analytics service process can use to execute low affinity requests. Use this property to limit the number of low affinity requests that can be executed concurrently by a adaptive analytics service process. Low affinity requests establish the context for requests that may follow by caching information. Low affinity requests usually take longer to execute than subsequent high affinity requests. There are no benefits to sending low affinity requests to a particular process because these requests do not use cached information. Number of high affinity connections for the adaptive analytics service during peak period Specifies the number of connections that a process of the adaptive analytics service can use to execute high-affinity requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of processes for the adaptive analytics service during peak period Specifies the maximum number of adaptive analytics service processes that a dispatcher can start during peak hours. Number of low affinity connections for the adaptive analytics service during peak period Specifies the number of connections that a adaptive analytics service process can use to execute low affinity requests during peak hours. This property limits the number of low affinity requests that can be executed concurrently by a adaptive analytics service process. Number of high affinity connections for the batch report service during non-peak period Specifies the number of connections that a batch report service process can use to execute high affinity requests. Use this property to limit the number of high affinity requests that can be executed concurrently by a batch report service process. High affinity requests are requests that are tightly associated with a particular process. These requests are typically executed faster than low affinity requests. Number of low affinity connections for the batch report service during non-peak period Specifies the number of connections that a batch report service process can use to execute low affinity requests. Use this property to limit the number of low affinity requests that can be executed concurrently by a Batch report service process. Low affinity requests establish the context for requests that may follow by caching information. Low affinity requests usually take longer to execute than subsequent high affinity requests. There are no benefits to sending low affinity requests to a particular process because these requests do not use cached information. Maximum number of processes for the batch report service during non-peak period Specifies the maximum number of batch report service processes that a dispatcher can start at any one time. Governor limit (MB) Specifies the maximum size of data returned (MB). Number of high affinity connections for the metadata service during non-peak period Specifies the number of connections that a metadata service process can use to execute high affinity requests. Use this property to limit the number of high affinity requests that can be executed concurrently by a matadata service process. High affinity requests are requests that are tightly associated with a particular process. These requests are typically executed faster than low affinity requests. Number of low affinity connections for the metadata service during non-peak period Specifies the number of connections that a metadata service process can use to execute low affinity requests. Use this property to limit the number of low affinity requests that can be executed concurrently by a metadata service process. Low affinity requests establish the context for requests that may follow by caching information. Low affinity requests usually take longer to execute than subsequent high affinity requests. There are no benefits to sending low affinity requests to a particular process because these requests do not use cached information. Queue time limit of the metadata service (seconds) Specifies the number of seconds that a request can be queued before it exceeds the timeout period. Maximum execution time for the metadata service (seconds) Specifies the maximum number of elapsed seconds that a request is allowed to run before being cancelled by the dispatcher. The default value of 0 means no limit is applied. Number of high affinity connections for the PowerPlay service during non-peak period Specifies the number of connections that a PowerPlay service process can use to execute high affinity requests. Use this property to limit the number of high affinity requests that can be executed concurrently by a PowerPlay service process. High affinity requests are requests that are tightly associated with a particular process. These requests are typically executed faster than low affinity requests. Number of low affinity connections for the PowerPlay service during non-peak period Specifies the number of connections that a PowerPlay service process can use to execute low affinity requests. Use this property to limit the number of low affinity requests that can be executed concurrently by a PowerPlay service process. Low affinity requests establish the context for requests that may follow by caching information. Low affinity requests usually take longer to execute than subsequent high affinity requests. There are no benefits to sending low affinity requests to a particular process because these requests do not use cached information. Queue time limit of the PowerPlay service (seconds) Specifies the number of seconds that a PowerPlay request can be queued before it exceeds the timeout period. Maximum execution time for the PowerPlay service (seconds) Specifies the maximum number of elapsed seconds that a report is allowed to run before being cancelled by the dispatcher. The default value of 0 means no limit is applied. Maximum size of an uncompressed email attachment for Power Play service in MB Specifies the maximum amount of data that can be placed in an attachment by the Power Play service in MB. The size used is the size of the data before it is compressed. Use a value of 0 when you want to allow the size of an attachment to be unlimited. Maximum connections for relational metadata service during non-peak period Specifies the maximum number of connections that a process of the relational metadata service can use concurrently to execute requests. Use this property to limit the number of requests that can be executed concurrently by an relational metadata service process. Maximum execution time for the relational metadata service (seconds) Specifies the maximum number of seconds that a task can run before being canceled by the dispatcher. The default value of 0 means no limit is applied. Maximum number of relational metadata service connections during peak period Specifies the number of connections that a process of the relational metadata service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Number of high affinity connections for the report service during non-peak period Specifies the number of connections that a report service process can use to execute high affinity requests. Use this property to limit the number of high affinity requests that can be executed concurrently by a report service process. High affinity requests are requests that are tightly associated with a particular process. These requests are typically executed faster than low affinity requests. Number of low affinity connections for the report service during non-peak period Specifies the number of connections that a report service process can use to execute low affinity requests. Use this property to limit the number of low affinity requests that can be executed concurrently by a report service process. Low affinity requests establish the context for requests that may follow by caching information. Low affinity requests usually take longer to execute than subsequent high affinity requests. There are no benefits to sending low affinity requests to a particular process because these requests do not use cached information. Maximum number of processes for the report service during non-peak period Specifies the maximum number of report service child processes that a dispatcher can start at any one time. Queue time limit of the report service (seconds) Specifies the number of seconds that a request can be queued before it exceeds the timeout period. Maximum execution time for the report service (seconds) Specifies the maximum number of elapsed seconds that a report is allowed to run before being cancelled by the dispatcher. The default value of 0 means no limit is applied. Maximum size of an uncompressed email attachment for report service in MB Specifies the maximum amount of data that can be placed in an attachment by the report service in MB. The size used is the size of the data before it is compressed. Use a value of 0 when you want to allow the size of an attachment to be unlimited. Maximum execution time for the batch report service (seconds) Specifies the maximum number of elapsed seconds that a report is allowed to run before being cancelled by the dispatcher. The default value of 0 means no limit is applied. Maximum size of an uncompressed email attachment for batch report service in MB Specifies the maximum amount of data that can be placed in an attachment by the batch report service in MB. The size used is the size of the data before it is compressed. Use a value of 0 when you want to allow the size of an attachment to be unlimited. Number of hotspots generated in a chart by the batch report service Specifies the maximum number of hotspots generated in a chart. Use a value of 0 when you want to disable the generation of chart hotspots. Use the default value of Unlimited to generate all hotspots in a chart. Use this property to limit the number of chart hotspots that will be generated by a batch report service process. Number of hotspots generated in a chart by the report service Specifies the maximum number of hotspots generated in a chart. Use a value of 0 when you want to disable the generation of chart hotspots. Use the default value of Unlimited to generate all hotspots in a chart. Use this property to limit the number of chart hotspots that will be generated by a report service process. Maximum connections for job service during non-peak period Specifies the number of connections that a process of the job service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a job service process. Maximum size of an uncompressed email attachment for delivery service in MB Specifies the maximum size of an uncompressed email attachment in MB. The delivery service will compress an attachment that is larger than the maximum size before sending it. Use a value of 0 to disable attachment compression. Use a nil value to compress all attachments. Setting a non-nil, non-zero value improves performance when sending emails with large attachments, such as report outputs. Maximum connections for agent service during non-peak period Specifies the maximum number of connections that a process of the agent service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by an agent service process. Maximum size of an uncompressed email attachment for agent service in MB Specifies the maximum amount of data that can be placed in an attachment by the agent service in MB. The size used is the size of the data before it is compressed. Use a value of 0 when you want to allow the size of an attachment to be unlimited. Maximum connections for delivery service during non-peak period Specifies the number of connections that a process of the delivery service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a delivery service process. Maximum size of an email message for delivery service in MB Specifies the maximum amount of data that can be placed in an e-mail by the delivery service in MB. The size used is the size of the data after it is compressed. Use a value of 0 when you want to allow the size of an e-mail to be unlimited. Maximum connections for data integration service during non-peak period Specifies the number of connections that a process of the data integration service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a data integration service process. Maximum connections for planning administration console service during non-peak period Specifies the number of connections that a process of the planning administration console service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a planning administration console service process. Maximum connections for planning runtime service during non-peak period Specifies the number of connections that a process of the planning runtime service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a planning runtime service process. Maximum connections for planning task service during non-peak period Specifies the number of connections that a process of the planning task service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a planning task service process. Maximum connections for Metrics Manager service during non-peak period Specifies the number of connections that a process of the Metrics Manager service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a Metrics Manager service process. Maximum connections for mobile service during non-peak period Specifies the number of connections that a process of the mobile service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a mobile service process. Maximum connections for planning data service during non-peak period Specifies the number of connections that a process of the planning data service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a planning data service process. Maximum connections for Content Manager service during non-peak period Specifies the number of connections that a process of the Content Manager service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a Content Manager service process. Maximum connections for migration service during non-peak period Specifies the number of connections that a process of the migration service can use to execute requests. Use this property to limit the number of requests that can be executed concurrently by a migration service process. Expose cell annotations Specifies if cell annotations should be shown in authoring studios. Use this property to enable or diable access to cell annotations metadata items in analysis Studio, Event Studio, Query Studio and Report Studio. Enabling access will allow authors to present these annotations in their reports, queries and agents. By default, cell annotations are hidden. E-List access cache timeout (seconds) Specifies the number of seconds that an e-list access rights cache entry can remain in the cache before it needs to be recalculated. Use this property to increase or decrease the amount of time that the E-list access rights are retained in memory before they are refreshed from the application database. For more frequent updates, user can set a shorter timeout period. By default, access rights are refreshed once per hour (every 3600 seconds). Maximum number of processes for the planning data service during non-peak period Specifies the maximum number of planning data service processes that can be started by a dispatcher. Use this property to control the number of planning data service processes that are running on the local machine. At startup, one process is started and as requested volume increases, additional processes might be started. By default, number of processes is limited to 1. Non Peak period start hour Specifies the hour of the day at which the non-peak demand time begins. Peak period start hour Specifies the hour of the day at which the peak demand time begins. Periodical document version retention age Specifies the default maximum age of documentVersion objects to be retained in a periodical document. This value is used to construct a retention rule for new documents in periodicals. Periodical document version retention count Specifies the default maximum number of documentVersion objects to be retained in a periodical document. This value is used to construct a retention rule for new documents in periodicals. Maximum number of agent service connections during peak period Specifies the number of connections that a process of the agent service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Number of high affinity connections for the batch report service during peak period Specifies the number of connections that a process of the batch report service can use to execute high-affinity requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Number of low affinity connections for the batch report service during peak period Specifies the number of connections that a batch report service process can use to execute low affinity requests during peak hours. This property limits the number of low affinity requests that can be executed concurrently by a batch report service process. Maximum number of processes for the batch report service during peak period Specifies the maximum number of batch report service processes that a dispatcher can start during peak hours. Maximum number of Content Manager service connections during peak period Specifies the number of connections that a process of the Content Manager service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of data integration service connections during peak period Specifies the number of connections that a process of the data integration service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of delivery service connections during peak period Specifies the number of connections that a process of the delivery service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Number of high affinity connections for the graphics service during non-peak period Specifies the number of connections that a graphics service process can use to execute high affinity requests. Use this property to limit the number of high affinity requests that can be executed concurrently by a graphics service process. High affinity requests are requests that are tightly associated with a particular process. These requests are typically executed faster than low affinity requests. Number of low affinity connections for the graphics service during non-peak period Specifies the number of connections that a graphics service process can use to execute low affinity requests. Use this property to limit the number of low affinity requests that can be executed concurrently by a graphics service process. Low affinity requests establish the context for requests that may follow by caching information. Low affinity requests usually take longer to execute than subsequent high affinity requests. There are no benefits to sending low affinity requests to a particular process because these requests do not use cached information. Number of high affinity connections for the graphics service during peak period Specifies the number of connections that a process of the graphics service can use to execute high-affinity requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Number of low affinity connections for the graphics service during peak period Specifies the number of connections that a graphics service process can use to execute low affinity requests. Use this property to limit the number of low affinity requests that can be executed concurrently by a graphics service process. Low affinity requests establish the context for requests that may follow by caching information. Low affinity requests usually take longer to execute than subsequent high affinity requests. There are no benefits to sending low affinity requests to a particular process because these requests do not use cached information. Maximum number of processes for the graphics service during non-peak period Specifies the maximum number of graphics service processes that a dispatcher can start at any one time. Maximum number of processes for the graphics service during peak period Specifies the maximum number of graphics service processes that can be started by a dispatcher. Use this property to control the number of graphics service processes that are running on the local machine. At startup, one process is started and as requested volume increases, additional processes might be started. By default, number of processes is limited to 1. Queue time limit of the graphics service (seconds) Specifies the number of seconds that a request can be queued before it exceeds the timeout period. Maximum execution time for the graphics service (seconds) Specifies the maximum number of elapsed seconds that a graphics is allowed to run before being cancelled by the dispatcher. The default value of 0 means no limit is applied. Maximum number of job service connections during peak period Specifies the number of connections that a process of the job service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of mobile service connections during peak period Specifies the number of connections that a process of the mobile service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of processes for the metadata service during non-peak period Specifies the maximum number of metadata service processes that can be started by a dispatcher. Use this property to control the number of metadata service processes that are running on the local machine. At startup, one process is started and as requested volume increases, additional processes might be started. By default, number of processes is limited to 1. Maximum number of processes for the metadata service during peak period Specifies the maximum number of metadata service processes that a dispatcher can start during peak hours. Number of high affinity connections for the metadata service during peak period Specifies the number of connections that a process of the metadata service can use to execute high-affinity requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Number of low affinity connections for the metadata service during peak period Specifies the number of connections that a metadata service process can use to execute low affinity requests during peak hours. This property limits the number of low affinity requests that can be executed concurrently by a metadata service process. Maximum number of migration service connections during peak period Specifies the number of connections that a process of the migration service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of Metrics Manager service connections during peak period Specifies the number of connections that a process of the Metrics Manager service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of planning administration console service connections during peak period Specifies the number of connections that a process of the planning administration console service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of planning data service connections during peak period Specifies the number of connections that a process of the planning data service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of processes for the planning data service during peak period Specifies the maximum number of planning data service processes that a dispatcher can start. Maximum number of planning runtime service connections during peak period Specifies the number of connections that a process of the planning runtime service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Maximum number of planning task service connections during peak period Specifies the number of connections that a process of the planning task service can use to execute requests during peak hours. This property limits the number of these requests that can be executed concurrently by a process. Number of high affinity connections for the report service during peak period Specifies the number of connections that a report service process can use to execute high affinity requests during peak hours. This property limits the number of these requests that can be executed concurrently by a report service process. Number of low affinity connections for the report service during peak period Specifies the number of connections that a report service process can use to execute low affinity requests during peak hours. This property limits the number of low affinity requests that can be executed concurrently by a report service process. Maximum number of processes for the report service during peak period Specifies the maximum number of report service processes that can be started by a dispatcher during peak hours. Maximum number of seconds reports and report elements can exist in the cache. Specified the maximum number of seconds reports and report elements can exist in the cache. Setting value of 0 allows objects to exist in the cache forever. Maximum number of reports and report elements that can overflow to disk. Specifies the maximum number of reports and report elements that can overflow to the local disk. Setting value of 0 allows an unlimited number of reports and report elements to be stored on disk. Maximum number of reports and report elements that can be stored in memory. Specifies the maximum number of reports and report elements that can be stored in memory. Setting value of 0 allows an unlimited number of reports and report elements to be stored in memory. PDF Character Encoding for batch report service Specifies the character encoding for PDF documents created by the batch report service. Auto Font Windows1252 PDF Character Encoding for report service Specifies the character encoding for PDF documents created by the report service. Auto Font Windows1252 Option to allow the batch report service to embed fonts in generated PDF documents Specifies whether the batch report service should embed fonts in generated PDF documents. Allow Auto Disallow Option to allow the report service to embed fonts in generated PDF documents Specifies whether the report service should embed fonts in generated PDF documents. Allow Auto Disallow The PDF compression type for PDF documents created by the batch report service Specifies the PDF compression type for PDF documents created by the batch report service. Classic Basic Improved Advanced Full The PDF compression type for PDF documents created by the report service Specifies the PDF compression type for PDF documents created by the report service. Classic Basic Improved Advanced Full Content Compression level for PDF documents created by the batch report service A higher value indicates a more aggressive compression strategy should be applied. The number must be an integer between 0 and 9. The value 0 means that the document should not be compressed while the value 9 means maximum compression. Content Compression level for PDF documents created by the report service A higher value indicates a more aggressive compression strategy should be applied. The number must be an integer between 0 and 9. The value 0 means that the document should not be compressed while the value 9 means maximum compression. Number of high affinity connections for the data movement service during non-peak period Specifies the number of connections that a data movement service process can use to execute high affinity requests during non-peak hours. This property limits the number of these requests that can be executed concurrently by a data movement service process. High affinity requests are requests that are tightly associated with a particular process. These requests are usually executed faster than low affinity requests. Number of low affinity connections for data movement service during non-peak period Specifies the number of connections that a data movement service process can use to execute low affinity requests during non-peak hours. This property limits the number of low affinity requests that can be executed concurrently by a data movement service process. Maximum number of processes for the data movement service during non-peak period Specifies the maximum number of data movement service processes that can be started by a dispatcher during non-peak hours. Queue time limit of the data movement service (seconds) Specifies the number of seconds that a data movement request can be queued before it exceeds the timeout period. Maximum execution time for the data movement service (seconds) Specifies the maximum number of seconds that a task can run before being canceled by the dispatcher. The dispatcher logs an error (DPR-ERR-2087) indicating that the task execution was canceled due to the execution time limit set being exceeded. A secondary request made against a conversation that has exceeded the time limit returns an error message. Use a value of 0 when you want to allow the report to complete execution, regardless of the amount of time necessary. Number of high affinity connections for the data movement service during peak period Specifies the number of connections that a data movement service process can use to execute high affinity requests during peak hours. This property limits the number of these requests that can be executed concurrently by a data movement service process. High affinity requests are requests that are tightly associated with a particular process. These requests are usually executed faster than low affinity requests. Number of low affinity connections for the data movement service during peak period Specifies the number of connections that a data movement service process can use to execute low affinity requests during peak hours. This property limits the number of low affinity requests that can be executed concurrently by a data movement service process. Maximum number of processes for the data movement service during peak period Specifies the maximum number of data movement service processes that a dispatcher can start during peak hours. Memory limit for the content manager cache service as a percentage of the total JVM heap memory Specifies the memory usage limit for the content manager request cache as a percentage of the total JVM heap memory. Setting the property to 0 will disable the caching. Completed human task lifetime Specifies the lifetime of completed human tasks. Completed annotation lifetime Specifies the lifetime of an annotation. Idle connection timeout (seconds) This property specifies the idle database connection timeout period in seconds. Set value to -1 to disable the timeout. Do not start dynamic cubes when service starts (Requires QueryService restart) Specifies whether dynamic cubes are started automatically when the service starts up. Dynamic cube administration command timeout (seconds) (Requires QueryService restart) Specifies the timeout period, in seconds, for a dynamic cube administration command. Use a value of 0 when you want to allow the command to complete execution, regardless of the amount of time necessary. Minimum query execution time before a result set is considered for caching (milliseconds) Specifies the minimum query execution time in milliseconds before a result set is considered for caching. Initial JVM heap size for the query service (MB) (Requires QueryService restart) Specifies the initial size, in MB, of the Java Virtual Machine (JVM) heap. (Requires QueryService restart) JVM heap size limit for the query service (MB) (Requires QueryService restart) Specifies the maximum size, in MB, of the Java Virtual Machine (JVM) heap. (Requires QueryService restart) Initial JVM nursery size (MB) (Requires QueryService restart) Specifies the initial nursery size, in MB, of the Java Virtual Machine (JVM). (Requires QueryService restart) JVM nursery size limit (MB) (Requires QueryService restart) Specifies the maximum size, in MB, of the Java Virtual Machine (JVM) nursery. (Requires QueryService restart) JVM garbage collection policy (Requires QueryService restart) Specifies the garbage collection policy used to manage JVM heap storage. (Requires QueryService restart) Balanced Custom Generational Additional JVM arguments for the query service (Requires QueryService restart) Specifies other arguments that control the Java Virtual Machine (JVM). The arguments may vary depending on the JVM. (Requires QueryService restart) Number of garbage collection cycles output to the verbose log (Requires QueryService restart) Specifies the number of garbage collection cycles logged if verbose garbage collection logging is enabled. (Requires QueryService restart) Disable JVM verbose garbage collection logging (Requires QueryService restart) Specifies whether garbage collection information is recorded in a log file. (Requires QueryService restart)

Gateway mappings Contains the mappings from external PowerPlay gateway to internal PowerPlay dispatcher for this service. Collaboration discovery URI Specifies the discovery URI for the external collaboration services. Dynamic cube configurations Contains configuration data for dynamic cubes. JMX proxy host dispatchers Contains a list of dispatchers eligible to host the Java Management Extensions (JMX) proxy server in preferred order.

IBM Cognos services Defines a group of properties for the IBM Cognos services. Use these properties to specify the amount of resources that the IBM Cognos services use. Configuration Specifies the template used to configure the IBM Cognos service. This property is automatically set when you select a template for the IBM Cognos service. You cannot change the value of this property in this window. If you want to use another template, in the Explorer window, right-click the service and click Delete. Right-click IBM Cognos service, click New resource, Configuration. Enter a resource name and then select a template from the list. WebSphere Liberty Profile Defines a group of properties for a configuration template used for WebSphere Liberty Profile. Register Start Stop Restart Maximum memory for Websphere Liberty Profile in MB Advanced properties These properties are used to tune the WebSphere Liberty Profile (WLP) server. The property value of 'coreThreads' represents the number of threads that the WLP server starts up with. The 'maxThreads' value represents the maximum number of threads that can be associated with the WLP server. Customize these values according to the hardware resources available. For more information, refer to the WLP server documentation (http://www-01.ibm.com/support/knowledgecenter/?lang=en#!/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/twlp_tun.html?cp=SSEQTP_8.5.5%2F1-3-11-0-7). Enable IBM Lightweight Third-Party Authentication (LTPA)? Specifies whether to enable IBM Lightweight Third-Party Authentication for IBM Cognos Analytics. You can configure IBM Cognos Analytics components to use IBM Lightweight Third-Party Authentication (LTPA). Use this property to enable or disable LTPA for IBM Cognos Analytics. Environment Variables Specifies a set of envireonment variables that will be passed to bootstrap service. The user needs to provide the name and the value for each environment variable. Agent service enabled? Specifies whether the agent service is enabled. Use this property to enable or disable the agent service on the local computer. The agent service executes agents. If the conditions for an agent are met, the agent service signals the monitor service to execute the tasks. By default the agent service is enabled. Annotation service enabled? Specifies whether the annotation service is enabled. Use this property to enable or disable the annotation service on the local computer. This service allows the ability to add commentary to reports. By default the annotation service is enabled. Batch report service enabled? Specifies whether the batch report service is enabled. Use this property to enable or disable the batch report service on the local computer. The batch report service handles background requests for report executions and provides output, on behalf of the monitor service. The batch report service works the same as the report service, except it handles only background executions. By default the batch report service is enabled. Content Manager service enabled? Specifies whether the Content Manager service is enabled. Use this property to enable or disable the Content Manager service on the local computer. The Content Manager service is a service used by other services to store, organize, and retrieve application data such as system configuration, models, report specifications, report outputs, schedules, user accounts, groups, contacts, distribution lists and data sources. A distributed installation may have one active Content Manager service, and one or more standby Content Manager services. By default the Content Manager service is enabled. Data integration service enabled? Specifies whether the data integration service is enabled. Use this property to enable or disable the data integration service on the local computer. The data integration service manages the tasks that obtain data from data sources, extract information from data stores, recalculate and transform data, and load content for use by Metrics Manager in the portal. By default the data integration service is enabled. Data Manager SOAP service enabled? Specifies whether the Data Manager SOAP service is enabled. Use this property to enable or disable Data Manager SOAP service on the local computer. By default Data Manager SOAP service is enabled. Data movement service enabled? Specifies whether the data movement service is enabled. Use this property to enable or disable the data movement service on the local computer. The data movement service is used for CEBA-based requests for data movement tasks. By default, the data movement service is enabled. Delivery service enabled? Specifies whether the delivery service is enabled. Use this property to enable or disable the delivery service on the local computer. The delivery service sends emails on behalf of other services, such as the report service, job service or agent service. By default the delivery service is enabled. Dispatcher service enabled? Specifies whether the dispatcher related services are enabled. Use this property to enable or disable a number of services on the local computer. Currently these are the batch report service, report service, data movement service, metadata service and presentation service. By default these services are disabled on computers where Content Manager is the only component that is installed. Please note that the dispatcher itself will not be disabled. Event management service enabled? Specifies whether the event management service is enabled. Use this property to enable or disable the event management service on the local computer. The event management service manages scheduled task executions. When a scheduled task execution begins, the event management service signals the monitor service to begin the execution of the task. By default the event management service is enabled. Graphics service enabled? Specifies whether the graphics service is enabled. Use this property to enable or disable the graphics service on the local computer. The graphics service produces charts and graphics on behalf of the report service. By default the graphics service is enabled. Human task service enabled? Specifies whether the human task service is enabled. Use this property to enable or disable the human task service on the local computer. This service enables the ability to create and manage human tasks. A human task, such as a report approval, can be assigned to individuals or groups on an ad-hoc basis or by any of the other services. By default the human task service is enabled. Interactive discovery visualization service enabled? Specifies whether the interactive discovery visualization service is enabled. Use this property to enable or disable the interactive discovery visualization service on the local computer. The interactive discovery visualization service provides content to IBM Cognos products to support interactive discovery and visualization functionality. By default the interactive discovery visualization service is enabled. Job service enabled? Specifies whether the job service is enabled. Use this property to enable or disable the job service on the local computer. The job service executes jobs and signals the monitor service to execute job steps in the background. By default the job service is enabled. Metadata service enabled? Specifies whether the metadata service is enabled. Use this property to enable or disable the metadata service on the local computer. The metadata service handles metadata requests including lineage, queryMetadata, updateMetadata and testDataSourceConnection. By default, the metadata service is enabled. Metrics Manager service enabled? Specifies whether Metrics Manager service is enabled. Use this property to enable or disable Metrics Manager service on the local computer. The Metrics Manager service manages application requests, such as requests for Web pages or application configuration information. By default the Metrics Manager service is enabled. Migration service enabled? Specifies whether the migration service is enabled. Use this property to enable or disable the migration service on the local computer. The migration service is used to migrate PowerPlay content. By default the migration service is disabled on computers where Content Manager is not installed. Mobile service enabled? Specifies whether the mobile service is enabled. Use this property to enable or disable the mobile service on the local computer. The mobile service allows content to be sent to mobile devices, and handles requests from mobile devices. By default the mobile service is enabled. Monitor service enabled? Specifies whether the monitor service is enabled. Use this property to enable or disable the monitor service on the local computer. The monitor service signals a target service to handle a task, then monitors the execution of the task and collects and saves history information for the execution of the task. The monitor service can also take control of asynchronous service conversations on behalf of the client. By default the monitor service is enabled. Planning administration console service enabled? Specifies whether the planning administration console service is enabled. Use this property to enable or disable the planning administration console service on the local computer. By default the planning administration console service is enabled. Planning data service enabled? Specifies whether the planning data service is enabled. Use this property to enable or disable the planning data service on the local computer. The planning data service manages report queries against IBM Cognos Planning - Contributor data sources. By default, the planning data service is enabled. Planning job service enabled? Specifies whether the planning job Data Manager service is enabled. Use this property to enable or disable the planning job service on the local computer. By default the planning job service is enabled. Planning Web service enabled? Specifies whether the planning Web service is enabled. Use this property to enable or disable the planning Web service on the local computer. By default the planning Web service is enabled. PowerPlay service enabled? Specifies whether the PowerPlay service is enabled. Use this property to enable or disable the PowerPlay service on the local computer. By default the PowerPlay service is enabled. Presentation service enabled? Specifies whether the presentation service is enabled. Use this property to enable or disable the presentation service on the local computer. The presentation service handles requests for IBM Cognos Connection, Query Studio, and Event Studio. By default the presentation service is disabled on computers where Content Manager is the only component that is installed. Query service enabled? Specifies whether the query service is enabled. Use this property to enable or disable the query service on the local computer. By default the query service is enabled. Report data service enabled? Specifies whether the report data service is enabled. Use this property to enable or disable the report data service on the local computer. The report data service manages external client requests such as IBM Cognos BI for Microsoft Office. By default the report data service is enabled. Report service enabled? Specifies whether the report service is enabled. Use this property to enable or disable the report service on the local computer. The report service handles interactive requests for report executions and generates output for a user in IBM Cognos Connection or one of the studios. By default the report service is enabled. Repository service enabled? Specifies whether the repository service is enabled. Use this property to enable or disable the repository service on the local computer. By default the repository service is enabled. Relational metadata service enabled? Specifies whether the relational metadata service is enabled. Use this property to enable or disable the relational metadata service on the local computer. By default the relational metadata service is enabled. Visualization Gallery service enabled? Specifies whether the visualization gallery service is enabled. Use this property to enable or disable the visualization gallery service on the local computer. By default the visualization gallery service is enabled.

Portal Services Defines the properties for the portal services. Web Content URI Specifies the URI of the portal services Web content. No value is required when the Web content, represented by the portal services portlets, is used in IBM Cognos Connection. When the portlets are deployed to a third-party portal, this value can optionally be used to specify an alternate Web content URI where portal users can access portal services images and Web content. For example, http://MyPortalImageServer/ibmcognos/. Location of 'applications.xml' Specifies the URI or local file path of the applications.xml file. If your environment includes more than one instance of IBM Cognos, and you configure different instances to use different applications.xml locations, each location must contain the same version of the applications.xml file. Trusted Signon Namespace ID Specifies the authentication namespace ID. Enter the value of an existing authentication namespace. Shared secret Specifies the value of a key for single signon using the shared secret method. This property is case-sensitive.

IBM Cognos Application Firewall Defines a group of properties to configure the IBM Cognos Application Firewall. The IBM Cognos Application Firewall is an essential component of product security helping to provide protection against penetration vulnerabilities. Disabling the IBM Cognos Application Firewall will remove this protection; therefore, this should not be done under normal circumstances. Enable CAF validation? Specifies whether to enable IBM Cognos Application Firewall validation. The IBM Cognos Application Firewall is an essential component of product security helping to provide protection against penetration vulnerabilities. Disabling the IBM Cognos Application Firewall will remove this protection; therefore, this should not be done under normal circumstances. In addition, if third party XSS checking is enabled, CAF validation must also be enabled. Valid domains or hosts Specifies valid domain and/or host name values for your configuration. The IBM Cognos Application Firewall will validate hostname and domain names used or passed in a request. You may add additional host names or domain names to support your configuration and system topology. For example, add .mycompany.com to allow the domains from mycompany.com. You may also allow a domain and all its sub-domains by adding a wildcard at the beginning of the domain such as, *.mycompany.com. Is third party XSS checking enabled? Specifies whether CAF support for third party cross site scripting checking is enabled. Enables CAF to support third party cross site scripting checking by encoding requests to prevent discouraged characters from being rejected by the third party checking. Enable this property if you have a tool that is performing XSS of GET requests. You can only enable this property when CAF validation is also enabled. By default, the third party XSS characters <, ' and > will be encoded. False True (Requires CAF validation enabled)

Data Manager Defines a group of properties for Data Manager. Data files location Specifies the directory that Data Manager delivers text data files and metadata files to. Log files location Specifies the directory that Data Manager writes log files to when you execute builds from a catalog. Data Manager network services Defines a group of properties for Data Manager network services. Log files location Specifies the directory that Data Manager network services writes log files to. Client Defines a group of properties for Data Manager server connections. Logging severity Specifies the level of logging on the client. 1 = least verbose, 5 = most verbose. Default port Specifies the default port for the remote connection. Default protocol for remote connection The default protocol used for remote connection. Use this property to specify the protocol for the remote connection. SOAP Secure SOAP Socket Default service access password The default service access password for remote Data Manager Network servers. This password is used if no matched server connection entry is found for given host / port / protocol. Data Manager net connection Data Manager net connection Defines a group of properties used to define a server connection. Ensure that the server exists and that the resource name is the host name of the remote server. Port Specifies the port of the remote connection. Protocol for remote connection The protocol used for remote connection. Use this property to specify the protocol for the remote connection. SOAP Secure SOAP Socket Service access password The service access password for the Data Manager network server. Server Defines a group of properties for Data Manager servers. SOAP Server Defines a group of properties for Data Manager network services SOAP Server. Logging severity Specifies the level of logging on the server. 1 = least verbose, 5 = most verbose. Enable Enable the Data Manager SOAP server. Disable Disable the Data Manager SOAP server. Socket Server Defines a group of properties for Data Manager network services Socket Server. Service access password The service access password for the Data Manager network server. Socket port number Specifies the port for the Socket Server. Logging severity Specifies the level of logging on the server. 1 = least verbose, 5 = most verbose. Register Registering the Data Manager socket server service Start Starting the Data Manager socket server Stop Stopping the Data Manager socket server Restart

Planning Defines the properties for the Planning. Analyst maximum workspace size in KB Specifies how much memory the APL interpreter can use. Enter a value between 64000 and 2000000. Memory is allocated as it is needed, but only up to this limit. Once allocated, the memory will not be available for other applications while Analyst is running. IBM Cognos BI installation location Specifies the path to the IBM Cognos Business Intelligence installation. This path is specified when IBM Cognos BI is installed. This property is used by Planning components that require an IBM Cognos BI installation. Planning Server Defines a group of properties for planning server. Listening port number Specifies the port the product uses to listen for commands on. Shutdown port number Specifies the port the product uses to listen for a shut down command. Oracle ODBC Driver Specifies which ODBC driver to use to connect to the Contributor publish data store. On certain installs, the ODBC driver name for Oracle is not a default value, or more than one driver could be installed. Used by the client extension and PPES admin extension. Start Starting the Planning server Stop Stopping the Planning server Restart

IBM Cognos Planning Defines a group of properties that provide access to IBM Cognos Planning content. Use this group of properties to configure the access to Planning Contributor Data Server and Planning content store. A database resource component that points to the Planning Store is required when the planning server is installed. If the planning server component is installed on the same computer as Content Manager, the database resource can point to the same database that's used for Content Manager. Contributor Data Server Defines the properties for the Planning Contributor Data Server. Signature password Specifies the password that enables secure communication between IBM Cognos servers and Contributor Data Server for scheduled reports and agents. The password is case-sensitive and must match the Signature password property that you configure in IBM Cognos Series 7, Configuration Manager, IBM Cognos Planning / IBM Cognos - Contributor Data Server / General properties.