Skip navigation
All Places > Education > Blog > Authors geri_miller-esristaff
1 2 Previous Next

Education

30 Posts authored by: geri_miller-esristaff Employee

Hi Everyone,

 

If you use the ArcGIS API for Python to script provisioning of ArcGIS licensing, please read on…

 

As you may know, yesterday there was an update to ArcGIS Online. In conjunction, there was a release of the ArcGIS API for Python, version 1.5.2, which included better support for the new user types.

 

  1. We recommend updating to version 1.5.2 of the Python API, which is now available on the Esri conda channel. Note, the developer website will NOT go live until Monday. Please take a look at the following blog for more information.

 

  1. Please note that the name of the AppStudio entitlement has changed – it used to be “AppStudio for ArcGIS Standard”. Now it is “AppStudio for ArcGIS”. The key, “appstudiostd” stays the same. Please update your scripts accordingly, if you are currently provisioning AppStudio for ArcGIS Standard. Side note, this is to reflect a change of licensing for AppStudio – moving forward, and once migrated to the new institution agreement/site license, AppStudio Basic will be available to anyone via ArcGIS Online, while AppStudio Standard will be licensed through the ArcGIS Developer Subscription only. Further information can be found here.

 

Thanks to University of Michigan, University of Minnesota and Virginia Tech for testing early and confirming the above.

 

Let us know if you have any questions.

Simply sharing, AWS/Azure/GCP resources for research and teaching use - web meeting/presentations for instructional and research use, along with discussed resources.  

 

 

Please let us know if we can be of further help.  

Dear Colleagues:

 

You have likely seen information about the new User Types coming out in the December 4th release of ArcGIS Online. Some of you have asked how these new User Types will affect Education program offerings, therefore we wanted to provide an update.

 

Overall, not much will change immediately for those of us with Education program licenses, such as Site/Institution licenses, Lab Kit/Academic Department licenses, or Schools bundles.  However, these changes lay the groundwork for streamlining ArcGIS administration even further and we will see additional changes in the coming months.

 

What is changing in this December 4th release:

 

  • Level 1 named users will automatically be converted to Viewer User type.
  • Level 2 named users will automatically be converted to a Creator User type.
  • All capabilities of each user type remain the same.
  • Roles remain the same (Administrator, Publisher, User, Custom Roles, etc.).
  • An updated look/interface and updated Licenses and Members pages and workflows.  
  • For existing users, any already assigned licenses/entitlements will remain assigned.
  • For new users, licenses/entitlements of ArcGIS Pro and other apps (Business Analyst, Insights, etc.) will need to be assigned, as before.

 

Additional information on changes in this December 4th release can be found here.

 

What does the introduction of the new User Types mean over the coming months (i.e. future releases):

 

  • We anticipate additional changes in the March 2019 ArcGIS Online release which will provide the ability to configure additional app assignments in enterprise login settings.
  • We will continue to work towards automated provisioning of all apps included in Education program offerings so you can easily and efficiently provide your users with access to the full capabilities of ArcGIS.

 

In summary, this December release introduces some exciting new changes, and will see additional changes over the coming months. In the meantime, we continue to recommend enabling enterprise logins, if you haven’t yet, and following these best practices for administering ArcGIS.

 

Please let us know if you have any questions, feel free to post here.

Simply sharing 3D/Lidar resources - huge thanks to Geoff Taylor (Esri) and Christine Wacta (SCAD) for their inspirational presentations in a webinar focused on 3D and Lidar workflows and tools, and for their willingness to share content. Below are the resources we discussed:

 

We often get asked about the differences between My Esri and ArcGIS Online accounts in educational settings, and how the two are related. We wanted to document a few items to keep in mind - indeed, they are two different accounts, which could bring confusion.

 

My Esri - portal to manage your customer account information:

  •      Update contact and account information.
  •      Review order history and maintenance status.
  •      Access license information and generate provisioning files for users.
  •      Access software downloads.
  •      Create technical support cases.
  •      Manage conference registrations.
  •      Add users with customizable access levels, including adding users for Esri Training and GeoNet access (though not necessarily recommended to add students/faculty/staff for purpose of providing access to Esri Training, GeoNet, etc., more below).
  •      Your My Esri account is your identity to My Esri – this is your customer record.

 

ArcGIS (ArcGIS Online or ArcGIS Enterprise) named user account:

  •      Your ArcGIS account is your identity in the organization/portal, it is how you get access to ArcGIS Online and are provided various privileges and capabilities to work with ArcGIS, depending on your role (User, Publisher, Administrator, etc.).  
  •      If you enable Esri Access for an ArcGIS Online account, users can access Esri Training and GeoNet with their ArcGIS Online credentials. Hopefully those are enterprise accounts – i.e. your organization in Educational setting has enterprise logins enabled (SSO).
  •      If you are an Administrator, this ArcGIS account is used to grant entitlements for SAAS products (apps, ArcGIS Pro, etc.), also to enable Esri Access, and a number of other functions.
  •      This account stays with your institution, however, you may transfer any Training History to a personal (or other) account by reaching out to Esri Customer Service.

 

A few additional facts:

  •      If you already have Esri account for training, enabling Esri Access on ArcGIS Online account is not going to link that ArcGIS Online account to any existing Esri account (and to the training history, support, event registration, etc. associated with it)
  •      An individual could have Esri account tied to a personal email address, so that they can retain their training history after they leave the institution.
  •      If you are a student or faculty/staff, you can be linked to your institution’s My Esri (customer record). Note that we don’t necessarily recommend this, unless this individual will be helping with management of downloads files, generation of provisioning files, calling Technical Support, and other similar functions.
  •      If you have purchased a license from Esri (Personal Use, Student Use), you will have your own Esri organization.
  •      Therefore, you may have multiple Esri accounts.
  •      A single email address may be tied to multiple ArcGIS Online accounts, but to only one Esri account (Exception: ".edu" and ".esri.com" emails may have multiple).
  •      When logging to Esri Training or GeoNet, one must use (a) an Esri Account, or (b) an ArcGIS Online account with Esri Access enabled.

 

Recommendations/Considerations:

  •      There are various approaches for management, but we typically don’t recommend adding students to the My Esri organization, as this would impose manual admin work to grant such access, and work for students to accept email invitations the correct way and with the correct account, and to keep track of which account is used for what. This may appear to be an acceptable option for managing a class or two, but not for empowering your whole institution to use ArcGIS.
  •      We do recommend enabling Esri Access via ArcGIS Online accounts – if an institution has implemented enterprise logins, this is an automated process for anyone joining the organization (no additional work for admin or students).
  •      Additional information for recommended way to share downloads/executables/provisioning files is here, so that it does not have to be done through My Esri for everyone in an institution.
  •      Any of the above options make it challenging to retain Training History (certifications from courses, etc.) – the solution for now, for whoever wishes to preserve their training history upon leaving the institution, is to reach out to Customer Service and request their training history be transferred from their institutional ArcGIS account to a public one.

Huge thanks to Ryan Danzey (Esri), Richard Tsung (USC),  Duffy Chisholm (UCR) and Hoori Ajami (UCR) for sharing their experiences in virtualizing ArcGIS Pro!!!

 

  • The recording and slides are located  here

 

Below are a couple of resources for what we discussed - be on the lookout for a blog and further resources coming up on AWS AppStream!

 

 

Please post any questions or further follow up here. 

Simply sharing, if you have not seen the following resources, covering a great variety of capabilities and topics with Esri platform.

 

  • YouTube - 50 Tech Workshops are publicly available to share with your faculty/staff/students
  • Slides - PDF versions of the PowerPoint slides from each workshop (Esri Events Proceedings page)

 

Along the same lines, the 2018 Esri Developer Summit offerings are here.

For those of you interested, and if you have not seen this already, this Story Maps and the Digital Humanities collection contains some inspirational examples of humanities/education/academic oriented story maps. 

 

It is a companion to Allen Carrol's recent blog post on this topic.

 

Enjoy.

We often get asked “I’d like my students, staff or faculty to use ArcGIS Pro, what is the best way to distribute the executable to them”? This applies to any other Esri application that needs to be downloaded and installed, such CityEngine, ArcGIS Enterprise, etc. There are a few ways to accomplish this, and our recommendation is to use the institutional shared file system (same applies for distributing single use provisioning files, though the recommended way of licensing ArcGIS Pro is through a named user account in an ArcGIS Online organization).

 

  •      Use your institution’s shared file system – this could be Box, Google Drive, shared drives, whatever method is typically used to distribute files. Advantages are:
    •      One location for accessing the executables that can be used by everyone in the organization (this makes it easy for ArcGIS administrators, instructors and students).
    •      It can be behind the same single-sign-on (SSO) as your ArcGIS Online organization, LMS or other business systems – makes it easy for students, staff and faculty to simply login with their known enterprise credentials and download.
    •      Potentially faster download speed.

 

  •      Use My Esri – this could be an involved process if one wants to provide Download access to many students, staff and faculty. We generally discourage it for the reasons below – and of course exceptions apply.
    •      This involves an invitation to My Esri initiated by the administrator.
    •      Depending on whether the My Esri account is already in the system, there may be additional interaction to Request Permission (for Downloads in this case).
    •      There are a couple of notification emails that would go out to students, staff, faculty who are being given those permissions, such as “your permissions request has been received”, or “your request has been approved” notifications.
    •      This can be burdensome for administrators (to have to manage the requests), for instructors (to have to instruct their students where to go to download), and for students (to have to navigate My Esri to get to downloads).
    •      From Administrator standpoint, this does not scale well for increased number of users.

 

  •      Use trial downloads – we generally discourage this method, as it has users creating additional accounts that can be confusing with any other My Esri or ArcGIS Online accounts they already have.


Feel free to share feedback.

We often get questions by academic users on how to teach with ArcGIS Enterprise, especially by those who have been teaching with a standalone ArcGIS Server. For anyone new to ArcGIS Enterprise - ArcGIS Server was renamed to ArcGIS Enterprise as of the 10.5 release, to reflects its functional capabilities and a modern Web GIS pattern. ArcGIS Enterprise is how we do Web GIS in an organization’s infrastructure.

 

We wanted to outline a couple of possibilities in terms of teaching and deployment in the classroom. They are simply scenarios, and we welcome any feedback if anyone has utilized any of these, or other, patterns. Choosing an option will depend on your purpose:

 

  •      If one wants to empower many instructors and students to participate in innovative educational opportunities, enabled by ArcGIS Enterprise advanced services and capabilities, the first listed option would probably be best. In this case, the instructors or students do not necessarily need to know everything about the underlying technology, they just need to take advantage of the capabilities, once it is setup for them.
  •      If one wants to teach administrative aspects of deploying a technology such as ArcGIS Enterprise, then the second and third options may work better.

 

Note that there are a number of System Requirements that we need to keep in mind as we teach with ArcGIS Enterprise, specifically the need for Domain Name Service (DNS), Fully Qualified Domain Name (FQDN) and SSL certificates – items that we didn’t necessarily have to think about with the older standalone ArcGIS Server pattern.

 

  •      ArcGIS Enterprise deployed for a course/program
    •      All students are Publishers in the portal
    •      Everyone leverages advanced services (geocode, image, geoprocessing, etc.)
    •      Everyone leverages advanced capabilities and server roles (GeoEvent/Real Time GIS, GeoAnalytics, Raster Analytics, Business Analyst)
    •      Everyone uses ArcGIS Pro to share to the portal
    •      Enterprise logins (SSO) can be used to alleviate manual student user creation

 

  •      ArcGIS Enterprise for a course (base ArcGIS Enterprise deployment managed by instructor, students having standalone ArcGIS Server machines, which they will federate with Portal for ArcGIS)
    •      Instructor has the base ArcGIS Enterprise deployment (Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, 2 ArcGIS Web Adaptors)
    •      If there are 20 students in a course, each of the 20 students will have their own ArcGIS Server machine – they will be Administrators on the Instructor portal and each student will federate his/her ArcGIS Server site to the Instructor portal (so 20 federated servers). They will do this as an exercise, i.e. practice some of the installation steps, but understand the importance of the portal in a modern Web GIS pattern. They will not get to setup the portal homepage and other settings.
    •      Everyone can leverage advanced services and capabilities.
    •      Everyone uses ArcGIS Pro to share to the portal.
    •      Note, this scenario with many federated servers has not been tested (a couple of universities are planning to implement it in Fall 2018) so please do test and share any results if this is your pattern of choice, especially if you have a lot of students in a course.

 

  •      Every student gets their own ArcGIS Enterprise deployment (students practice administration of ArcGIS Enterprise, including installation, portal setup (homepage, users, and various administrative duties)). We use this option in a "Web GIS" course at Johns Hopkins University, so I’ll take the liberty to document a few details.
    •      Students were given a scenario that they work for the City of X, and were tasked with deploying and administering a Web GIS in the city's infrastructure, to provide apps and capabilities to the city's constituents. They got to install ArcGIS Enterprise, setup the portal, add users, and wear an administrator hat. They really enjoyed it – it was empowering, after they’ve worked with a SaaS such as ArcGIS Online, to be able to do many things on premise themselves, including Real Time GIS!
    •      We leverage AWS as an infrastructure but this could be done on-premise or with other cloud platforms, such as Azure or Google Cloud (GCP). Every student gets a dedicated EC2 instance. We have AWS federated logins and SSO (which means no manual IAM user creation for students – access gets controlled through Active Directory (AD) groups and roles mapped to them). Therefore, students can just login to the AWS console using their student credentials, and they have privileges to start/stop/restart their own instances and no one else’s.
    •      Esri Cloud Formation, Esri ArcGIS Enterprise AMIs or ArcGIS Enterprise Builder can be used in this scenario.
    •      We favored the use of ArcGIS Enterprise Builder deployed by students on a preconfigured AMI we setup beforehand (starting with the standard AWS Windows Server 2016 instance, turning off Internet Explorer Enhanced Security Configuration, setting up Chrome as a default browser, installing Notepad ++, Installing ArcGIS Pro, copying the install executables on the AMI, and a few other tweaks)
    •      We used AWS Route 53 for DNS, our own domain hosted in AWS (such as gis-jhu.education), and record sets for each student. Let’s Encrypt wildcard cert was used by all students. We could have worked with Central IT to register all student instances with JHU DNS, but they recommended against Elastic IPs, required all internal traffic, which meant the students would have to VPN, which was not ideal for a fully online program, given that our students could be anywhere geographically. Hence, managing everything within AWS appeared to be an easier approach. However, there are many options in terms of networking and fulfilling the system requirements.
    •      At the end of class, we had a DevOps scenario, and students again got to configure a base deployment using Chef Solo (free Chef Client download), and Esri Chef cookbooks, specifically the ArcGIS Enterprise recipe – powerful way to observe Web GIS automation and deploy via a script.

 

Note that to deploy ArcGIS Enterprise for teaching, licensing will be needed for the ArcGIS Server component as well as the Portal for ArcGIS component. For the Portal for ArcGIS licensing, you will likely need to reach out to your Esri Account Manager and specify the number of named users you’d like to have in your portal. For the last described pattern (each student having their own ArcGIS Enterprise deployment), licensing for the Portal for ArcGIS component would need to be obtained for each student through the ArcGIS Developer Subscription, documented here. Students will get a portal with 5 named users.

 

If anyone has used the above scenarios, or others, please do share what worked, if any challenges were encountered.

 

Resources:

In a recent Ed Summit 2018 workshop on “Best Practices for Administering ArcGIS in Education” we shared a number of recommended workflows applicable to academic setting. Some of the key ideas are below:

 

  • Web GIS is not just “more and better” GIS, rather a whole new way of doing GIS, which requires new ways of managing GIS.
  • Build bridges with stakeholders within your institution who can facilitate these best practices – collaborate with experts in enterprise systems, identity management, information assurance, etc.
  • Maximize access to ArcGIS and minimize time/cost spent managing ArcGIS - it takes more time to restrict access.
  • Enable enterprise logins, commonly referred to as Single Sign On (SSO), and auto-provision new users for Role (Publisher), Credits, Esri Access, Entitlements, etc. This eliminates manual account creation and management when user status changes (student graduates, faculty retire, staff leave).
  • Enable access for everyone – once SSO is implemented, new users can automatically join and leverage the technology. Consider ArcGIS to be enterprise-level system similar to email, LMS, file servers. 
  • Enable Esri Access for any incoming user as part of auto-provisioning (possible after latest June 2018 ArcGIS Online release) – empowering users to help themselves by getting access to Esri Training, Learn ArcGIS, GeoNet.
  • Enable access to everything – grant entitlements for all common apps (ArcGIS Pro, GeoPlanner, Insights for ArcGIS, Community Analyst, Business Analyst, etc.) for any incoming users (currently done via script). Ensure that any such scripting is enterprise-level – robust, scalable, secure, reliable.
  • Set credit quota – high enough so that users can do their work, low enough to protect them from mistakes.
  • Use a single ArcGIS Online organization, where possible, which avoids impeding collaboration and means reduced combined management workload.
  • Disable offline licensing for ArcGIS Pro via Named User licensing, and instead provide Single-Use licenses for potential offline use cases. 
  • Do nothing as a best practice – no need to delete accounts, delete content, etc. 
    • Rely on official institution sources to track when person’s status changes – students graduate, faculty retire, staff leave – configure SSO to deny access for ineligible users.
    • Do not delete content as there may be dependencies and others may be relying on this content.

 

We welcome any feedback on the above recommendations!

 

Peter Knoop (University of Michigan)

Geri Miller (Esri)

For a while we have recommended that the best approach for managing ArcGIS Online or ArcGIS Enterprise portals, including named users, entitlements, Esri Access, credits, etc., is to enable enterprise logins, commonly referred to as Single Sign On (SSO). So far, the only supported configuration for enterprise logins was using one identity provider (IDP), Shibboleth and Active Directory Federation Services being some of the common ones in academia.   

 

As of the latest June 2018 release of ArcGIS Online (and the pending ArcGIS Enterprise 10.6.1 release in July), we now support enabling enterprise logins via a federation of identity providers. Identity federation allow users belonging to an existing inter-organizational federation, such as InCommon (United States), SWITCHaai (Switzerland), DFNaai (Germany), and others, to sign in with credentials supported by that federation. Each member organization continues to use their own IDP, but configures an SP (i.e. ArcGIS) to work exclusively within the federation. This is a request we’ve received by quite a few institutions and wanted to document some of the functionality and cases where it may be beneficial.

 

NOTE: ArcGIS is not joining the InCommon, Switch or DFN federations as a member. Hence, Esri will not be listed as an SP entity.  Rather, ArcGIS Online or ArcGIS Enterprise portals will need to be added as a new SP to the federation. This will enable users to share and access their web resources within the federation, and have a seamless login experience. The following SWITCHaai documentation provides an easy to understand explanation and graphic.

 

  •      Cases where it would be beneficial:
    •      Requirement imposed by institution’s IT/Central Services – many institutions who are InCommon participants have been able to implement enterprise logins configured with one identity provider (IDP), however, some institutions have their own requirements that mandate support for identity federation. With identity federation supported in ArcGIS, now these institutions who have such requirement could proceed with enabling enterprise logins.
    •      Multiple campuses using multiple identity providers (IDP) – for example, three campuses of the same institution using three different Shibboleth instances to provide identification – in these instances, institutions will use identity federation to integrate with their three local Shibboleth installations. This will be an example of identity federation, which is not related to InCommon, SWITCHaai, DNFaai, or other inter-organizational federations.
    •      Potential benefits for users who wish to enable collaboration across and between different educational institutions - for example, if this capability did not exist, and a student/faculty/staff from University X wanted to access resources hosted by University Y, they would need an account from university Y to login to the portal. Therefore, to access resources spread across different, un-federated universities, one would need different login accounts, which complicates both user login experience and user management. Having identity federation will simplify this and allows for a single enterprise ID to be used (as long as the institutions belong to the same federation).
    •      Learning Tools Interoperability (LTI) compatibility requirements – LTI being a protocol for various services and service providers to integrate with Learning Management Systems (LMS) – some entities have this requirement to connect LMS with external service tools (i.e. ArcGIS). Since ArcGIS technology provides a teaching and learning environment in education, this new identity federation capability could fulfil such requirements to integrate ArcGIS technology with LMS platforms.

 

  •      Identity federation setup and user experience:
    •      An institution must be a member of a federation to use this new feature. When administrators and IT staff configure enterprise logins using a federation of identity providers, there are a number of parameters needed, including URL of the federation (Federation Discovery Service URL), Metadata Aggregate URL, and Certificate to validate the aggregate metadata.
    •      When identity federation is configured, the same option applies as when using a single IDP – users will be able to join automatically or by invitation. When multiple institutions are members of the federation, it may be recommended to use the “Upon invitation from an administrator” option. This means that users from a federation must be explicitly invited, i.e. in the ArcGIS Online or  ArcGIS Enterprise portal settings, an administrator would go to Invite Members, and use the option “Invite members to join using their enterprise logins”. Then users would be able to have the same user login experience, using their respective institution’s enterprise credentials. Sharing of content is protected by the existing ArcGIS security model and groups are leveraged to restrict access. Note, SAML-based group membership is not yet supported with identity federation.

  •      Once the ArcGIS Online organization is registered as a member of the federation, the login experience is the same on the initial login page (when the user chooses either to login using an enterprise account or ArcGIS account). If identity federation is configured, the organization is a member of a federation of multiple members, what needs to happen is the federation needs to identify the home organization, i.e. where you are from, and a user will be prompted to a centralized Discovery Service Page, on which they will be asked which university/entity they belong to.

 

 

 

 

 Further feedback is welcome!

Special thanks to our presenters in our Curriculum web meeting, and for the excellent discussion!! Recording and slides are now on Box.

 

  • Bill Slocumb (NC State University)
  • Rama Sivakumar (Georgia Tech)
  • Stephanie Deitrick (Arizona State University)

 

What was discussed:

 

  • Brief overview of programs, and respective discussion of Web GIS/Programming/Data Systems
  • Specifics on what is taught in courses
  • Overall experiences

 

Thank you Bill, Siva and Stephanie!

For those of us teaching with ArcGIS Pro (or currently migrating), attached is a training guide from our friends in Esri Training Services, containing a collection of web courses, lessons, tutorials, training seminars, MOOCs, etc.

 

Of course these resources are available at Esri Training, Learn ArcGIS, Documentation, etc. but the PDF contains logical groupings which may appeal to some. 

Huge thanks to Eric Shook (University of Minnesota), Patricia Carbajales (Clemson University) and Blake Lytle (Clemson University) for their fantastic presentations and follow up discussions on CyberGIS/HPC. 

 

The recording and slides are located here.

Filter Blog

By date: By tag: