NTLM authentication

The NTLM authentication method reuses the identity information associated with the user's current Windows session. This identity information is gathered when the user initially logs in to Windows.

When both the client computer and the server computer belong to the same Windows domain, or to two separate Windows domains with established trust between them, NTLM can provide a single sign-on experience.

If the client computer belongs to a separate Windows domain (without trust established to the server computer's domain), the current Windows session is not valid in the Windows domain of the server computer and the user will be prompted for a user name and password. The user must then enter the user name and password of a valid account that belongs to the Windows domain of the server computer.

It is not possible to delegate NTLM authentication; Spotfire Server cannot reuse the authentication credentials presented by the client, for example when authenticating against an Information Services data source that also uses NTLM. If you need such functionality, use Kerberos instead.

The NTLM authentication method can be combined with a user directory of either type:
  • LDAP (recommended)
  • Spotfire database, provided that the default post-authentication filter is configured in auto-creating mode

The following instructions assume that either combination of authentication and user directory is already fully working.

Setting up NTLM authentication involves two steps:
  1. Creating a computer service account in your Windows domain
  2. Configuring NTLM authentication