An ArcGIS identity allows a person to participate in the platform; access, create, or share items as part of one or more groups; and use the platform to play a more collaborative role in the organization.
Identity information is used to uniquely and securely describe user access to maps, apps, data, and analysis within the ArcGIS platform. A person’s ArcGIS identity can be managed with built‐in security by ArcGIS or by federating ArcGIS with a third‐party enterprise identity management system. Regardless of the approach, effective management of user identities and their associated credentials is necessary for users to appropriately utilize and participate in the ArcGIS platform.
People access the ArcGIS platform through a role and set of privileges configured by an administrator. Roles can be tailored to individual users and their organizational responsibilities (examples include: viewer, editor, publisher, analyst, field technician, and administrator). The privileges associated with these roles ultimately permit people to join groups, access their own resources (data, maps, apps, and capabilities), and access resources that have been shared with them.
An ArcGIS identity is managed as a named user credential within the platform. This credential is used to sign in to any app, on any device, at any time, and to provide access to all maps, apps, data, and analysis a particular user is entitled to. As users sign in to the ArcGIS platform with their named user credentials, their identity gives them access to authoritative data, GIS capabilities, shared content, apps, and their saved maps and items. The named user model allows an organization to securely and appropriately extend the reach of its geospatial capabilities to everyone who needs them.
Users often participate in groups, an important aspect of the ArcGIS platform sharing model. A group is a collection of items (such as maps, apps, and named users) typically related to a specific area of interest (such as a business unit, initiative, or team). Groups are useful for organizing content and controlling access. If a group is private, only members will see the group and its content.
Develop A Strategy!
Depending on the needs of the organization, user identities can be managed with built‐in security by ArcGIS, or by using a third‐party identity management system. For small implementations, an ArcGIS administrator will want to leverage the built‐in security of the Enterprise portal to manually add and configure or batch import users. The administrator would then use a simple web interface to manage these users, the roles they assume, and the privileges they are granted. For larger implementations, enterprise identities and groups (managed external to ArcGIS) will be used by the Enterprise portal to control access to the platform. These implementations can leverage enterprise credentials from an existing Lightweight Directory Access Protocol (LDAP) server, an Active Directory server, or an identity provider that supports Security Assertion Markup Language (SAML) 2.0 Web Single Sign On.
ArcGIS identities provide the organization with access control around platform content and capabilities and give users the ability to discover, share, and participate in the secure environment. Two approaches are provided to give organizations options for how to implement identity management within the ArcGIS platform. Choose the approach that best enables users to accomplish their business objectives.
Download the PDF for this presentation from the 2018 Esri User's Conference: Managing Identities