NTLM authentication
The NTLM authentication method reuses the identity information associated with the user's current Windows session. This identity information is gathered when the user initially logs in to Windows.
When both the client computer and the server computer belong to the same Windows domain or two separate Windows domains with established trust between them, this can provide a single sign-on experience.
If the client computer belongs to a separate Windows domain (without trust established to the server computer's domain), the current Windows session is not valid in the Windows domain of the server computer and the user will be prompted for user name and password. The user must then enter the user name and password of a valid account that belongs to the Windows domain of the server computer.
It is not possible to delegate NTLM authentication; Spotfire Server can not reuse the authentication credentials presented by the client, for example when authenticating against an Information Services data source that also uses NTLM. If you need such functionality, use Kerberos instead.
- LDAP (recommended)
- Spotfire database, provided that the default post-authentication filter is configured in auto-creating mode
The following instructions assume that either combination of authentication and user directory is already fully working.
Setting up NTLM authentication involves two steps:
- Creating a computer service account in your Windows domain
To set up NTLM authentication, you must first create a computer service account, either by running a Visual Basic script that is distributed with Spotfire Server, or by creating the computer account manually. - Creating a computer service account manually
If you are setting up NTLM authentication and you are unable to run the SetupWizard.vbs script, or you prefer to create the account manually, follow these steps. - Configuring NTLM authentication for a single server
These instructions are for configuring NTLM authentication by using the command line.
- Creating a computer service account in your Windows domain
To set up NTLM authentication, you must first create a computer service account, either by running a Visual Basic script that is distributed with Spotfire Server, or by creating the computer account manually. - Creating a computer service account manually
If you are setting up NTLM authentication and you are unable to run the SetupWizard.vbs script, or you prefer to create the account manually, follow these steps. - Configuring NTLM authentication for a single server
These instructions are for configuring NTLM authentication by using the command line.