Skip navigation
All Places > Implementing ArcGIS > Blog > Authors ACotroneo-esristaff

An ArcGIS identity allows a person to participate in the platform; access, create, or share items as part of one or more groups; and use the platform to play a more collaborative role in the organization.

 

Participate

 

Identity Value

Identity information is used to uniquely and securely describe user access to maps, apps, data, and analysis within the ArcGIS platform. A person’s ArcGIS identity can be managed with built‐in security by ArcGIS or by federating ArcGIS with a a third‐party enterprise identity management system. Regardless of the approach, effective management of user identities and associative credentials is necessary for users to appropriately utilize and participate in the ArcGIS platform.

 

Identity

 

Roles

People access the ArcGIS platform through a role and set of privileges configured by an administrator. Roles can be tailored to individual users and their organizational responsibilities (examples include: viewer, editor, publisher, analyst, field technician, and administrator). The privileges associated with these roles ultimately permit people to join groups, access their own resources (data, maps, apps, and capabilities), and access resources that have been shared with them.

 

Role

 

Named User

An ArcGIS Identity is managed as a named user credential within the platform. This credential is used to sign into any app, on any device, at any time, and to provide access to all maps, apps, data, and analysis a particular user is entitled to. As users sign into the ArcGIS platform with their named user credentials, their identity gives them access to authoritative data, GIS capabilities, shared content, apps, and their saved maps and items. The named user model allows an organization to securely and appropriately extend the reach of its geospatial capabilities to everyone who needs them.

 

Named User

 

Groups

Users often participate in groups, an important aspect of the ArcGIS platform sharing model. A group is a collection of items (such as maps, apps, and named users) typically related to a specific area of interest (such as a business unit, initiative, or team). Groups are useful for organizing content and controlling access. If a group is private, only members will see the group and its content.

 

Managing Identity

Develop A Strategy! 

Depending on the needs of the organization, user identities can be managed with built‐in security by ArcGIS, or by using a third‐party identity management system. For small implementations, an ArcGIS administrator will want to leverage the built‐in security of the Enterprise portal to manually add and configure or batch import users. The administrator would then use a simple web interface to manage these users, the roles they assume, and the privileges they are granted. For larger implementations, enterprise identities and groups (managed external to ArcGIS) will be used by the Enterprise portal to control access to the platform. These implementations can leverage enterprise credentials from an existing Lightweight Directory Access Protocol (LDAP) server, an Active Directory server, or an identity provider that supports Security Assertion Markup Language (SAML) 2.0 Web Single Sign On. 

 

ArcGIS identities provide the organization with access control around platform content and capabilities and give users the ability to discover, share, and participate in the secure environment. Two approaches are provided to give organizations options for how to implement identity management within the ArcGIS platform. Choose the approach that best enables users to accomplish their business objectives.

 

Download the PDF for this presentation from the 2018 Esri User's Conference: Managing Identities

 

Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include High Availability, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.

 

Best Practices

Specific business functions impact the performance of the ArcGIS platform in different ways. By allocating workloads to appropriate server resources organized by business function, organizations can maximize performance, reduce risk, and meet business‐defined service level agreements (SLAs). By implementing geospatial function isolation, organizations can reduce the risk that high‐intensity processes will consume cycles needed to support critical applications, or that an abnormal spike in requests will disrupt service for all users.

 

Design Approach Value

Workload separation is a design approach that enhances performance and reliability by aligning the technical implementation with organizational business requirements. Consider different business workflows to understand how each workflow impacts compute resources, and then use segregated and preplanned resource allocation to meet the needs of each workflow. 

 

Workload Separation

 

Maximize Performance

System performance is maximized when service requests are directed to compute resources in a way that optimizes hardware and reduces resource contention. Direct service requests that are known to be central processor unit (CPU) intensive, such as complex analysis tasks, to an ArcGIS Server site containing machines with faster processors. Direct less intensive requests, such as map visualization tasks, to more modest machines. This approach makes the best use of available compute resources to achieve the highest performance.

 

Reduce Risk

Workload separation also reduces the risk of service interruption. System stability is enhanced because overloaded machines cannot affect other machines in the environment, which in turn protects critical tasks from resource contention. Route user requests to the appropriate sites through load balancers and deliver results securely and transparently.

 

Develop a Strategy!

Allocate hardware around core GIS capabilities, including data management, analysis, and visualization functions. Some organizations may have more detailed separation needs around specific business functions (such as imagery, real‐time data, or caching), hardware characteristics, or SLA definitions. Use GIS patterns, SLAs, and performance expectations to determine how to best direct workloads to appropriate compute resources.

 

Download the PDF for this presentation from the 2018 Esri User's Conference: Designing a Robust Environment - Workload Separation

 

Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include High Availability, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.

 

Best Practices