Authentication and user directory introduction
Installed clients, as well as web clients, connect to the Spotfire Server. When users of either client log in to a Spotfire Server, two things happen before they get access: authentication and authorization.
Authentication is the process of validating the identity of a user. Once the identity is validated, the user is authorized in the user directory. Authorizing users determines what their access rights are within the Spotfire environment—in other words, what they are allowed to do.
If a username and password are used for authentication, they can be checked against the internal Spotfire user directory, a custom Java Authentication and Authorization Service (JAAS) module, or, most commonly, an external LDAP directory. Spotfire has built-in support for Microsoft Active Directory and the Directory Server product family, which includes Oracle Directory Server, Sun Java Directory Server, and Sun ONE Directory Server. Other LDAP servers can also be used.
For single sign-on, Spotfire supports NTLM, Kerberos, X.509 Certificates, and web authentication.
For anonymous authentication, a preconfigured Spotfire user identity is used to authenticate with the Spotfire Server.
Regardless of how the user was authenticated, the process of authorization is the same. The Spotfire Server checks the Spotfire user directory to determine a user's licenses. Licenses control which functions and analyses users can access with the Spotfire clients.
Optionally, the user and group accounts in the Spotfire user directory can be synchronized with an external LDAP directory. Spotfire supports the same LDAP servers for directory synchronization as it does for authentication.
In the user directory, users are organized into groups. The user and group information is used to assign permissions, licenses, preferences, and so on to the different resources available within the Spotfire environment.