Spotfire® Server and Environment - Installation and Administration

Authentication introduction

Installed clients, as well as web clients, connect to the Spotfire Server. When users of either client log in to a Spotfire Server, two things happen before they get access: authentication and authorization.

Authentication is the process of validating the identity of a user. Once the identity is validated, the Spotfire Server retrieves the user authorization. This in turn determines the users access rights within the Spotfire environment—in other words, what they are allowed to do.
Authentication and Authorization options

If username and password are used for authentication, users are checked against the internal Spotfire user directory, a custom Java Authentication and Authorization Service module, or an external LDAP directory. See the System Requirements for your version of the Spotfire Server for a list of supported authentication methods.

For single sign-on, Spotfire supports NTLM (deprecated), Kerberos, X.509 Certificates, and OIDC/OAuth2.0.

For anonymous authentication, a preconfigured Spotfire user identity is used to authenticate with the Spotfire Server.

Regardless of how the user is authenticated, the process of authorization is the same. The server checks the Spotfire user directory to determine which licenses, preferences, and permissions have been set for the user.

Optionally, the user and group accounts in the Spotfire user directory can be synchronized with an external LDAP directory. Spotfire supports the same LDAP servers for directory synchronization as it does for authentication.

For more information, see User authentication.