Single sign-on authentication methods
Spotfire Server can be integrated with certain single sign-on systems that are used in enterprise environments.
Spotfire Server can use the NTLM or Kerberos single sign-on authentication methods, where the identity information stored within the user's current Windows session is reused to authenticate the user on the server. Thus, when using these authentication methods, users are never prompted for user name or password when they log in to Spotfire Server. The Kerberos and NTLM authentication methods are commonly referred to as Integrated Windows Authentication.
Spotfire Server can also authenticate users based on X.509 certificates. This requires the server to be configured for mutual TLS, meaning HTTPS with X.509 client certificates.
- NTLM authentication
The NTLM authentication method reuses the identity information associated with the user's current Windows session. This identity information is gathered when the user initially logs in to Windows. - Kerberos authentication
Kerberos is a protocol that allows for secure authentication even over unsecure networks. It can be difficult to set up, but after it is fully working you have a very secure authentication system with the benefits of single sign-on. - Authentication using X.509 client certificates
When Spotfire Server is set up with HTTPS and is configured to require client certificates, the information from the certificates can also be used for login purposes. - Web authentication
When using web authentication, a web browser will be displayed for all users, allowing them to log in to Spotfire using an external authentication provider, such as Google. - Configuring anonymous authentication
Anonymous authentication allows anyone to access public information that is available for viewing on the Spotfire web client without prompting them for a user name or password.
- NTLM authentication
The NTLM authentication method reuses the identity information associated with the user's current Windows session. This identity information is gathered when the user initially logs in to Windows. - Kerberos authentication
Kerberos is a protocol that allows for secure authentication even over unsecure networks. It can be difficult to set up, but after it is fully working you have a very secure authentication system with the benefits of single sign-on. - Authentication using X.509 client certificates
When Spotfire Server is set up with HTTPS and is configured to require client certificates, the information from the certificates can also be used for login purposes. - Web authentication
When using web authentication, a web browser will be displayed for all users, allowing them to log in to Spotfire using an external authentication provider, such as Google. - Configuring anonymous authentication
Anonymous authentication allows anyone to access public information that is available for viewing on the Spotfire web client without prompting them for a user name or password.