User authentication
Spotfire supports a variety of user authentication protocols for verifying the identities of users logging in to the program.
To configure authentication, you select both an authentication method and a user directory.
Spotfire supports the two main types of authentication—user name and password, and single sign-on—as well as two-factor and external methods.
- User name and password authentication methods
When users start a Spotfire Analyst client, they select which Spotfire Server to connect to. If that server is configured for a user name and password based authentication method, the users are also prompted for their user name and password. - Single sign-on authentication methods
Spotfire Server can be integrated with certain single sign-on systems that are used in enterprise environments. - Two-factor authentication
Spotfire Server supports one form of two-factor authentication. It is possible to combine the chosen primary authentication method with X.509 client certificates. - External authentication
Spotfire clients may access Spotfire Server through an external authentication mechanism, usually a proxy or a load balancer. - External directories and domains
You can configure Spotfire Server to integrate with external directories such as LDAP directories or Windows domains. - LDAP synchronizations
You can schedule when Spotfire Server synchronizes its user directory with LDAP directories. Both users and groups are synchronized in the background, and user and group look-ups query the Spotfire database rather than the LDAP directory. - LDAP authentication and user directory settings
The following information is required to set up LDAP authentication and user directory mode, including LDAP group synchronization. Contact the LDAP directory administrator if you do not have the required information. - Post-authentication filter
After a user's identity is validated, Spotfire Server performs an additional check using the post-authentication filter.
- User name and password authentication methods
When users start a Spotfire Analyst client, they select which Spotfire Server to connect to. If that server is configured for a user name and password based authentication method, the users are also prompted for their user name and password. - Single sign-on authentication methods
Spotfire Server can be integrated with certain single sign-on systems that are used in enterprise environments. - Two-factor authentication
Spotfire Server supports one form of two-factor authentication. It is possible to combine the chosen primary authentication method with X.509 client certificates. - External authentication
Spotfire clients may access Spotfire Server through an external authentication mechanism, usually a proxy or a load balancer. - External directories and domains
You can configure Spotfire Server to integrate with external directories such as LDAP directories or Windows domains. - LDAP synchronizations
You can schedule when Spotfire Server synchronizes its user directory with LDAP directories. Both users and groups are synchronized in the background, and user and group look-ups query the Spotfire database rather than the LDAP directory. - LDAP authentication and user directory settings
The following information is required to set up LDAP authentication and user directory mode, including LDAP group synchronization. Contact the LDAP directory administrator if you do not have the required information. - Post-authentication filter
After a user's identity is validated, Spotfire Server performs an additional check using the post-authentication filter.
Parent topic: Installation and configuration