Pulse connection to PA Cloud - Refresh Token expiry

Hey Pulse team

My understanding is, when connecting to PA Cloud, Pulse requests a new ‘Refresh Token’ when you re-save the credentials for that IBM environment, is my understanding correct?

Following that, our client is asking, is there any possibility to automate that refresh in Pulse in the future? It seems like unnecessary effort to have to manually keep re-saving it, but I’m sure there’s a technical reason why it isn’t already in Pulse

Cheers!

Hi Simon,

There are actually two ways for Pulse to connect to TM1 instances on PA SaaS (PA Cloud) environment: IBM ID or the non-interactive account.

Pulse PA SaaS with IBM ID:

When you use an IBM ID, someone has to click the Login button and enter their IBM credentials, Pulse will save the token.

Once the token expires, the Pulse Admin will get a notification (if the Credential Error Email Group is selected) and then the Pulse Admin will have to click the Login button again.

With the IBM ID, there is a manual step that needs to be done each time the token expires (roughly every 60 days).

Pulse with PA SaaS and non-interactive account

This brings two main benefits:

  1. The requests from Pulse are slightly faster than using IBM ID
  2. The user running the Pulse threads will be a technical user and not an existing IBM ID

More information here:

I hope this help,

Cheers,

Vincent

Thanks @Vincent - does that mean using the Non-Interactive account also means nothing expires on the IBM side? in general would you recommend always using Non-Interactive? What scenario if any would you suggest using IBMid?

Cheers!

Yes, I would recommend always using the non-interactive account. Using the non-interactive account is the same mechanism as CAM Security.

Hey @Vincent - can I clarify my understanding please?

From my reading of your comment on this post, for any IBM PA Cloud environment, to connect to Pulse, you must enter both an IBMid AND the non-interactive account details in order to receive the full functionality of Pulse, is that right? or am I misunderstanding?
Thanks,
Simon

Hi Simon,

When Pulse needs to connect to TM1 instances in a PA SaaS (PA Cloud) environment, Pulse will have to do two main things:

  1. Connect to Workspace to get the information about the TM1 instances (Login with IBM ID only)
  2. Connect to each TM1 instance via the TM1 REST API (Login with IBM ID or non-interactive account)

When using the non-interactive account in step 2, the manual refresh of the token still needs to happen in step 1 but it only impacts the data coming from Workspace.

Cheers,

Vincent

Hey @Vincent - thanks for the clarity - wouldn’t step 1 also require the refresh of the token because we use IBMid?

Cheers!

Yes indeed, in step 1, you still need to refresh manually the token when it expires (every 60-90 days).