Connecting to AtScale Using Windows Authentication

In production systems AtScale can communicate with Active Directory to authenticate users. This can be achieved by enabling the auth.ntlm.enabled engine setting. You can also configure AtScale to support concurrent authentication requests.


When you manage users with Azure Active Directory and share reports with Power BI Gateway you can switch to token-based authentication. For details, see Using token-based authentication

Before you begin

Make sure you know how to modify the AtScale engine parameters. For details, see Changing Engine Settings.

Enabling Windows authentication

  1. Log in to AtScale.
  2. Go to Settings > Engine.
  3. Locate the auth.ntlm.enabled setting and enable it.

Engine restart is not required.

Enabling concurrent authentication requests


These settings do not apply if NTLM pass-through authentication via Netlogon is configured. For details, see Connecting to Active Directory that uses LDAP Channel Binding.

Power BI Desktop can send concurrent NTLM authentication requests for the same user to AtScale. This can happen when opening a new workbook, or when rendering a moderately complex workbook (for example, workbooks displaying many filter controls).

To enable the processing of such requests you need to set the AtScale engine parameters listed below. They are available in Settings > Engine; those not listed directly should be entered as custom settings:

  • auth.ntlm.cache.enabled = True
  • auth.ntlm.ldap.allowConcurrentSocketFactoryUse = True
  • auth.ntlm.connectionPool.enabled = True
  • auth.ntlm.ldap.useSynchronousMode = False

In addition, you can tune the LDAP connection pool size using the parameters listed below. The values shown here are default, you can raise them to meet your needs:

  • auth.ntlm.ldap.initialConnections = 2
  • auth.ntlm.ldap.maxConnections = 10

Restart the AtScale engine to apply the engine parameters.