Pulse connection to PA Cloud - Refresh Token expiry

saylett · May 12, 2023, 9:40am

Hey Pulse team

My understanding is, when connecting to PA Cloud, Pulse requests a new ‘Refresh Token’ when you re-save the credentials for that IBM environment, is my understanding correct?

Following that, our client is asking, is there any possibility to automate that refresh in Pulse in the future? It seems like unnecessary effort to have to manually keep re-saving it, but I’m sure there’s a technical reason why it isn’t already in Pulse

Cheers!

Vincent · May 12, 2023, 12:25pm

Hi Simon,

There are actually two ways for Pulse to connect to TM1 instances on PA SaaS (PA Cloud) environment: IBM ID or the non-interactive account.

Pulse PA SaaS with IBM ID:

When you use an IBM ID, someone has to click the Login button and enter their IBM credentials, Pulse will save the token.

Once the token expires, the Pulse Admin will get a notification (if the Credential Error Email Group is selected) and then the Pulse Admin will have to click the Login button again.

With the IBM ID, there is a manual step that needs to be done each time the token expires (roughly every 60 days).

Pulse with PA SaaS and non-interactive account

This brings two main benefits:

The requests from Pulse are slightly faster than using IBM ID
The user running the Pulse threads will be a technical user and not an existing IBM ID

More information here:

I hope this help,

Cheers,

Vincent

saylett · May 12, 2023, 1:52pm

Thanks @Vincent - does that mean using the Non-Interactive account also means nothing expires on the IBM side? in general would you recommend always using Non-Interactive? What scenario if any would you suggest using IBMid?

Cheers!

Vincent · May 12, 2023, 1:54pm

Yes, I would recommend always using the non-interactive account. Using the non-interactive account is the same mechanism as CAM Security.

saylett · May 22, 2023, 1:07pm

Hey @Vincent - can I clarify my understanding please?

From my reading of your comment on this post, for any IBM PA Cloud environment, to connect to Pulse, you must enter both an IBMid AND the non-interactive account details in order to receive the full functionality of Pulse, is that right? or am I misunderstanding?
Thanks,
Simon

Vincent · May 22, 2023, 1:19pm

Hi Simon,

When Pulse needs to connect to TM1 instances in a PA SaaS (PA Cloud) environment, Pulse will have to do two main things:

Connect to Workspace to get the information about the TM1 instances (Login with IBM ID only)
Connect to each TM1 instance via the TM1 REST API (Login with IBM ID or non-interactive account)

When using the non-interactive account in step 2, the manual refresh of the token still needs to happen in step 1 but it only impacts the data coming from Workspace.

Cheers,

Vincent

saylett · May 22, 2023, 1:28pm

Hey @Vincent - thanks for the clarity - wouldn’t step 1 also require the refresh of the token because we use IBMid?

Cheers!

Vincent · May 22, 2023, 1:38pm

Yes indeed, in step 1, you still need to refresh manually the token when it expires (every 60-90 days).