Authentication introduction
Installed clients, as well as web clients, connect to the Spotfire Server. When users of either client log in to a Spotfire Server, two things happen before they get access: authentication and authorization.

If username and password are used for authentication, users are checked against the internal Spotfire user directory, a custom Java Authentication and Authorization Service module, or an external LDAP directory. See the System Requirements for your version of the Spotfire Server for a list of supported authentication methods.
For single sign-on, Spotfire supports NTLM (deprecated), Kerberos, X.509 Certificates, and OIDC/OAuth2.0.
For anonymous authentication, a preconfigured Spotfire user identity is used to authenticate with the Spotfire Server.
Regardless of how the user is authenticated, the process of authorization is the same. The server checks the Spotfire user directory to determine which licenses, preferences, and permissions have been set for the user.
Optionally, the user and group accounts in the Spotfire user directory can be synchronized with an external LDAP directory. Spotfire supports the same LDAP servers for directory synchronization as it does for authentication.
For more information, see User authentication.
- Spotfire Server introduction
- Spotfire database introduction
- Nodes and services introduction
- Environment communication introduction
- Administration interface introduction
- Spotfire clients introduction
- Spotfire library introduction
- Users introduction
- Groups and licenses introduction
- Routing introduction
- Logging introduction
- Preferences introduction
- Deployments and deployment areas introduction
- Data sources introduction