Streamlining authentication between ArcGIS Online and Portal to support embedded content

LoganShank — Wed, 18 Feb 2026 19:55:24 GMT

Our team recently encountered a significant limitation in ArcGIS Experience Builder and Operations Dashboards that affects organizations using hybrid AGOL + Portal architectures. After working extensively with Esri Support (Case #04081687), we’ve confirmed that the current embed widget does not support passing credentials from ArcGIS Online (AGOL) into Portal to retrieve embedded content. This gap creates challenges for organizations that need to securely display internal content in AGOL-hosted apps.

The Problem

We collect hundreds of thousands of photos every year using Survey123. To manage this quantity of photos, we ingest, rename and store them in our Azure file system in folders by site. Rather than have users manually open each photo, we generate HTML pages of each folders contents. These HTML pages display thumbnails of all photos within its respective directory, photo names, photo comments and links to open the source photo. This photo directory including the HTML pages are web enabled using Esri Attachment Manager SOE for and the HTML pages can be embedded into a various applications to improve photo access. When embedding HTML pages hosted on an internal Portal for ArcGIS, AGOL apps fail to display the content because credentials are not passed through. While other data layers from Portal authenticate correctly, the embedded HTML pages trigger repeated authentication loops and ultimately fail to load.

What We Tried

Adjusting X-FRAME-OPTIONS headers via IIS on the Portal Web Adaptor allowed partial progress but introduced global risks and conflicts.

Alternative approaches using Content-Security-Policy frame-ancestors also fell short.

The root issue: No configurable option exists in Experience Builder or Dashboards to enable credential passthrough between AGOL and Portal.

Proposed Solution

Esri should provide:

A configurable setting in the embed widget to allow trusted credential passthrough.

A global option in Experience Builder/Operations Dashboards to manage headers like X-FRAME-OPTIONS or similar security directives.

Why This Matters

This limitation forces organizations to:

Duplicate applications across environments.

Use insecure workarounds that compromise governance.

Spend additional resources maintaining parallel systems.

Use Case

Our organization recently migrated from in-house servers with IIS capabilities to an ArcGIS Enterprise Portal architecture hosted in a Microsoft Azure environment, and we’ve begun leveraging the Esri Attachment Manager SOE for managing embedded HTML content. Historically, this workflow was seamless:

We maintained a suite of applications built in our Organizational ArcGIS Online (AGOL) site accessible to internal staff and shared to external partners via GeoPlatform ArcGIS Online Organization.

Internal users could view embedded HTML content within Operations Dashboards and Experience Builder (ExB) because their authentication tokens passed through successfully.

External contractors, who lacked credentials, would simply see a warning message which is an acceptable outcome for our use case.

This approach allowed us to maintain a central repository of applications for all users rather than building multiple, user-specific apps across different environments.

Since moving to the Microsoft Azure-hosted Portal environment, we’ve encountered a limitation:

Dashboards and ExB apps built in AGOL can still authenticate users to pull data from internal REST services.

However, they cannot pass that same authentication to retrieve content from the Attachment Manager SOE.

As a result, embedded HTML pages/widgets fail to load for internal users, breaking workflows that previously worked flawlessly.

To replicate our previous functionality, we now have to:

Build separate apps within the Portal environment for internal users.

Maintain duplicate workflows or split processes across multiple interfaces.

This adds unnecessary complexity, increases maintenance overhead, and undermines the efficiency of our centralized application strategy.

Our field staff and partners rely on these tools for mission-critical operations. The inability to pass credentials for embedded content forces a fragmented architecture. A solution that enables credential passthrough for embedded content would restore the simplicity and reliability we had before migration.

Re: Streamlining authentication between ArcGIS Online and Portal to support embedded content

DougBrowning — Thu, 19 Feb 2026 14:32:01 GMT

Big upvote for this one. We are consistently seeing issues in ExB when we mix content from AGOL and/or multiple portals. We work nationwide so we have up to 12 state portals that we use data from or them from us. We also coordinate with multiple agencies - again all with there own portals. Did not have issues in WAB so it must be possible.

GIS is all about bringing information of all types together into one place in order to see patterns, correlations, and more. So it is critical for products to be able to handle multiple credentials and keep them all straight. In addition there has been a big push for more one stop shops for users. They get lost having to go to a dozen different websites to get the info they need. Instead we need to collect up all the info they need and present them together to get the full picture.

Thank you

Re: Streamlining authentication between ArcGIS Online and Portal to support embedded content

ShoNuff — Tue, 14 Apr 2026 21:01:37 GMT

We just discovered this yesterday. This was a disappointment as we are taking advantage of the functionality in AGOL that Portal does not have. Thank you for submitting this.

idea Streamlining authentication between ArcGIS Online and Portal to support embedded content in ArcGIS Experience Builder Ideas

Streamlining authentication between ArcGIS Online and Portal to support embedded content

Re: Streamlining authentication between ArcGIS Online and Portal to support embedded content

Re: Streamlining authentication between ArcGIS Online and Portal to support embedded content