Integrating MicroStrategy Web and MicroStrategy Mobile with MicroStrategy Identity

You can enable users of MicroStrategy Secure Enterprise to log in to MicroStrategy business intelligence projects by authenticating with MicroStrategy Identity.

MicroStrategy Secure Enterprise is a suite of business intelligence software that supports a full range of analytic functionality, from interactive business dashboards to sophisticated statistical analysis and data mining.

Within MicroStrategy Secure Enterprise, MicroStrategy Web is an environment for interactive analysis. It provides a full set of data browsing, drilling, and reporting development capabilities that enable stream-of-consciousness navigation. Reports and dashboards can be generated using a range of charting and visualization capabilities.

MicroStrategy Mobile gives users access to MicroStrategy reports and dashboards on their mobile devices and allows users to analyze and interact with business data.

MicroStrategy Identity is supported as a primary authentication method for MicroStrategy Web and MicroStrategy Mobile, and for two-factor authentication in MicroStrategy Web.

If you compile your own MicroStrategy Mobile app for iOS and use MicroStrategy Identity Server installed in your IT infrastructure (on-premise), you must perform alternate steps to add your custom MicroStrategy Mobile app to MicroStrategy Identity. (If you have MicroStrategy 9.5.x, see Integrating a Custom Application with MicroStrategy Identity.)

Registering MicroStrategy products with MicroStrategy Identity

To establish a connection between MicroStrategy Identity and your MicroStrategy products and components, you must register your MicroStrategy products and components with MicroStrategy Identity, using the following procedure.

You have MicroStrategy 10.x.
You have already created an Identity Network and associated badge. For steps, see Creating a MicroStrategy Identity Network and Issuing an Administrator Badge.

If you have connected your LDAP server to Intelligence Server, your MicroStrategy Identity users must also be sourced from LDAP. See User Management > Synchronize with your existing IDM.
If you are not using LDAP, each of your users must include a MicroStrategy Global Unique Identifier (GUID). For steps, see Configuring Single Sign-On to MicroStrategy Without LDAP.

To display a custom image on your MicroStrategy login page, you must create the image to display. Supported image formats are .png, .jpeg, and .jpg file types.

To Register MicroStrategy Web or MicroStrategy Mobile with MicroStrategy Identity

Log into MicroStrategy Identity Manager:
1. Navigate to the Identity Manager home page.
2. On your smartphone, open the MicroStrategy Badge app and scan the displayed QR code.
Click Logical Gateways.
Under MicroStrategy Platform Login, click the MicroStrategy icon . Review the message, then click Continue.
You can change the image that is displayed on your MicroStrategy login page. Next to the image preview, click Import an Icon. Select an image to display, then click Open.
In the Enter Display Name field, type a name to display on your MicroStrategy login page.
If you compile your own MicroStrategy Mobile app for iOS and use MicroStrategy Identity on MicroStrategy Cloud, in the Additional Bundle IDs field, type the bundle identifier for your custom MicroStrategy Mobile app. To provide multiple bundle identifiers, separate them with a comma. The bundle identifier value is case-sensitive.
Click Next.
Note the values for Organization ID, Application ID, and Token. You use these values to configure MicroStrategy Intelligence Server.
Click Done.

Next, configure MicroStrategy Intelligence Server for authentication with MicroStrategy Identity.

Configuring MicroStrategy Identity in MicroStrategy Web and Mobile

To allow users to log in to MicroStrategy Web and Mobile with MicroStrategy Identity, you must configure it as a trusted authentication provider in Web Administrator and Mobile Administrator, as described in the following procedure.

For MicroStrategy 9.5.x, instead of this procedure, see Setting up MicroStrategy Identity in your MicroStrategy applications.

You have registered your MicroStrategy products with MicroStrategy Identity, as described in Registering MicroStrategy products with MicroStrategy Identity, and noted the Organization ID, Application ID, and Token provided by MicroStrategy Identity.
You have upgraded your MicroStrategy metadata. For steps to upgrade your MicroStrategy metadata, see the Upgrade Help.
Enabling Identity authentication without upgrading your metadata may cause your users to be locked out of MicroStrategy applications.
If you are enabling two-factor authentication for Web using MicroStrategy Identity, you have added at least one user to the Two-factor Exempt (2FAX) user group in your MicroStrategy project. MicroStrategy users who are members of the Two-factor Exempt (2FAX) group are exempt from two-factor authentication, and do not need to provide an Badge Code to log into MicroStrategy Web. It is recommended that these users have a secure password for their accounts, and use their accounts for troubleshooting MicroStrategy Web.
Ensure that you configure your LDAP server information correctly in your Intelligence Server. If it is not configured correctly, two-factor authentication cannot be used and therefore users will not be able to log in to the server.

To Enable MicroStrategy Identity Authentication in Web and Mobile

Configure Intelligence Server for MicroStrategy Identity Authentication

From the Windows Start menu, choose All Programs > MicroStrategy Tools > Web Administrator.
For your Intelligence Server, click Modify.
Next to MicroStrategy Identity Configuration, click Setup.
In the Connectivity section, in the MicroStrategy Identity Server URL field, enter the MicroStrategy Identity Server URL and port number for 1-way SSL.
In the OrgID field, type the Organization ID from MicroStrategy Identity Manager.
In the AppID field, type the Application ID from MicroStrategy Identity Manager.
If you want to use Identity as a two-factor authentication system, select the Enable two-factor authentication check box. The Security token field is enabled.
MicroStrategy users who are members of the Two-factor Exempt (2FAX) group are exempt from two-factor authentication, and do not need to provide an Badge Code to log into MicroStrategy Web. It is recommended that these users have a secure password for their accounts, and use their accounts for troubleshooting MicroStrategy Web.
In the Security token field, type the Security Token from MicroStrategy Identity Manager.
To use the connection between your MicroStrategy Identity Server and LDAP, check the box labeled Import Identity User. By enabling the import process, the Identity users synchronized from LDAP are added without having to manually add them.
Click Save. To save the configuration, you are prompted for your MicroStrategy credentials.
Type your MicroStrategy user name and password, and click Login.

Enable MicroStrategy Identity Authentication in MicroStrategy Web and Mobile

In Web Administrator, from the menu on the left, click Default Properties.
In the Login area, for Trusted Authentication Request, select the Enabled check box.
From the Trusted Authentication Providers drop-down menu, select MicroStrategy Identity.
Click Save.
In Mobile Administrator, from the menu on the left, click Mobile Configuration.
For the configuration name where you want to enable Identity authentication, click the Modify icon in the Actions column.
Click on the Connectivity Settings tab.
Under Default Project Authentication, open the drop-down menu for the Authentication mode setting and select MicroStrategy Identity.
Click Save.
Return to the Mobile Configuration page and repeat the modify steps for each other configuration name where you want to enable Identity authentication.

Next, log into MicroStrategy with MicroStrategy Identity to test the configuration.

Log into MicroStrategy Web (Workstation)

You must have an badge for a user that has a user name mapped to a MicroStrategy user ID.

Access the MicroStrategy Web landing page. The QR Code will appear.
On your smartphone, open the MicroStrategy Badge app and scan the displayed QR code.

If an error occurs, verify you are using the correct badge to log in and that the single sign-on settings on Intelligence Server are configured correctly.

Log into MicroStrategy Web (Mobile Device)

You have the MicroStrategy Badge app on the same mobile device you use to access MicroStrategy Web. Additionally, you must have a badge for a user that has a user name mapped to a MicroStrategy user ID

Access the MicroStrategy Web landing page. Note the Use MicroStrategy Identity to login button.
Tap the button to redirect to the MicroStrategy Badge app. If prompted, confirm which badge you are using to log in.

If an error occurs, verify you are using the correct badge to log in and that the single sign-on settings on Intelligence Server are configured correctly.

Log into MicroStrategy Mobile

You must have the MicroStrategy Badge app on the same device as MicroStrategy Mobile. Additionally, you must have a badge for a user that has a user name mapped to a MicroStrategy user ID.

Launch MicroStrategy Mobile. Note the Sign in with MicroStrategy Identity button.
Tap the button to redirect to the MicroStrategy Badge mobile app. If prompted, confirm which badge you are using to log in.

If an error occurs, verify you are using the correct badge to log in and that the single sign-on settings on the Intelligence Server are configured correctly.