User authentication
Spotfire supports a variety of user authentication protocols for verifying the identities of users logging in to the program.
To configure authentication, you select both an authentication method and a user directory.
Spotfire supports the two main types of authentication—user name and password, and single sign-on—as well as two-factor and external methods.
- User name and password authentication methods
When users start a Spotfire Analyst client, they select which Spotfire Server to connect to. If that server is configured for a user name and password based authentication method, the users are also prompted for their user name and password. - Single sign-on authentication methods
Spotfire Server can be integrated with certain single sign-on systems that are used in enterprise environments. - Single logout (SLO)
Single logout (SLO) means that when a user that was logged in through some means of single sign-on (SSO) signs out of a particular application, the user will also be logged out from other applications in the same session. The Spotfire Server supports various forms of single logout - either initiating the logout, because the user logged out of the Spotfire Server, or acting on an event where the user logged out from some other application (by logging the user out of the Spotfire Server as well). - Two-factor authentication
Spotfire Server supports one form of two-factor authentication. It is possible to combine the chosen primary authentication method with X.509 client certificates. Typically, the primary authentication method in the two-factor authentication is Basic, but it is also possible to use the other authentication methods. - External authentication
Spotfire clients may access Spotfire Server through an external authentication mechanism, usually a proxy or a load balancer. - External directories and domains
You can configure Spotfire Server to integrate with external directories such as LDAP directories or Windows domains. - LDAP synchronizations
You can schedule when Spotfire Server synchronizes its user directory with LDAP directories. Both users and groups are synchronized in the background, and user and group look-ups query the Spotfire database rather than the LDAP directory. - LDAP authentication and user directory settings
The following information is required to set up LDAP authentication and user directory mode, including LDAP group synchronization. Contact the LDAP directory administrator if you do not have the required information. - Post-authentication filter
After a user's identity is validated, Spotfire Server performs an additional check using the post-authentication filter.
- User name and password authentication methods
When users start a Spotfire Analyst client, they select which Spotfire Server to connect to. If that server is configured for a user name and password based authentication method, the users are also prompted for their user name and password. - Single sign-on authentication methods
Spotfire Server can be integrated with certain single sign-on systems that are used in enterprise environments. - Single logout (SLO)
Single logout (SLO) means that when a user that was logged in through some means of single sign-on (SSO) signs out of a particular application, the user will also be logged out from other applications in the same session. The Spotfire Server supports various forms of single logout - either initiating the logout, because the user logged out of the Spotfire Server, or acting on an event where the user logged out from some other application (by logging the user out of the Spotfire Server as well). - Two-factor authentication
Spotfire Server supports one form of two-factor authentication. It is possible to combine the chosen primary authentication method with X.509 client certificates. Typically, the primary authentication method in the two-factor authentication is Basic, but it is also possible to use the other authentication methods. - External authentication
Spotfire clients may access Spotfire Server through an external authentication mechanism, usually a proxy or a load balancer. - External directories and domains
You can configure Spotfire Server to integrate with external directories such as LDAP directories or Windows domains. - LDAP synchronizations
You can schedule when Spotfire Server synchronizes its user directory with LDAP directories. Both users and groups are synchronized in the background, and user and group look-ups query the Spotfire database rather than the LDAP directory. - LDAP authentication and user directory settings
The following information is required to set up LDAP authentication and user directory mode, including LDAP group synchronization. Contact the LDAP directory administrator if you do not have the required information. - Post-authentication filter
After a user's identity is validated, Spotfire Server performs an additional check using the post-authentication filter.
Parent topic: Installation and configuration