Connecting to AtScale Using Windows Authentication
In production systems AtScale can communicate with Active Directory to
authenticate users. This can be achieved by enabling the
auth.ntlm.enabled
engine setting. You can also configure AtScale to
support concurrent authentication requests.
[!NOTE] When you manage users with Azure Active Directory and share reports with Power BI Gateway you can switch to token-based authentication. For details, see Using token-based authentication
Before you begin
Make sure you know how to modify the AtScale engine parameters. For details, see Changing Engine Settings.
Enabling Windows authentication
- Log in to AtScale.
- Go to Settings > Engine.
- Locate the
auth.ntlm.enabled
setting and enable it.
Engine restart is not required.
Enabling concurrent authentication requests
[!NOTE] These settings do not apply if NTLM pass-through authentication via Netlogon is configured. For details, see Connecting to Active Directory that uses LDAP Channel Binding.
Power BI Desktop can send concurrent NTLM authentication requests for the same user to AtScale. This can happen when opening a new workbook, or when rendering a moderately complex workbook (for example, workbooks displaying many filter controls).
To enable the processing of such requests you need to set the AtScale engine parameters listed below. They are available in Settings > Engine; those not listed directly should be entered as custom settings:
auth.ntlm.cache.enabled = True
auth.ntlm.ldap.allowConcurrentSocketFactoryUse = True
auth.ntlm.connectionPool.enabled = True
auth.ntlm.ldap.useSynchronousMode = False
In addition, you can tune the LDAP connection pool size using the parameters listed below. The values shown here are default, you can raise them to meet your needs:
auth.ntlm.ldap.initialConnections = 2
auth.ntlm.ldap.maxConnections = 10
Restart the AtScale engine to apply the engine parameters.