I've got an AGOL web map that feeds a Collector workflow. That webmap has 4 layers. They are all secured ArcGIS Server feature access services. Up until the other day, everything was working as intended but now, whenever I get into Collector and fire up the map in question, it no longer prompts me for my secure service credentials. It goes right into the map as if I've already given my credentials. If I go into AGOL on my PC and fire up the same web map, I'm immediately challenged with the secure service credential popup, as it should be. I'm totally baffled what's going on here. Any ideas?
Are you using Collector on Android, iOS, or Windows? How are your server services secured? GIS-Tier or Web-Tier?
What version of Collector are you on? Do you see this issue across multiple devices?
Hi Dan. We tested this on Collector for Android and iOS today, both with the same result, all with the latest version of Collector. We are using GIS-Tier Security for AGS (10.41) using our Windows AD roles/groups. We had this issue on all the devices that we were training on today... about 10 devices. No one was prompted for our AD creds on the Collector map and everyone got right into the map. When I fired up my pc and tested the AGS rest endpoint, I had to pass my org AD creds to see the services. When I went into AGOL, where the web map is hosted, I was prompted for my AD creds.
This started happening just recently too. I can't say exactly when but a week ago, Collector was working properly. I can't tell if this is a Collector issue, web map issue, web service issue. I know there is a setting for AGOL items that allows you to store a set of credentials with the item so users don't have to pass their creds every time but I didn't tell the layers in the web map to behave that way and in fact as I walk through the "add layer from web" dialogue in the web map, I don't even see that "store credentials with the layer" option.
A new bit of info on this.
I just got into Collector, opened the map in question, edited a point feature's attributes and saved. When I looked at the "Lasteditedby" editor tracking field, it had my org AD login name. So clearly my org AD credentials are being cached by Collector.
I didn't know this was possible. How can I control whether that happens or not. I don't see any settings for that.
More info on this.
I uninstalled and reinstalled Collector on my device and after logging in with my named user account and clicking my map, I'm prompted with my org AD credentials popup, all looking good so far. I filled it in and the data appears in the map. Then, I got out of the map, killed the app, and now when I get back into the map I'm not prompted with the AD credential popup... my data shows up immediately and I can start editing. This can't be right and haven't been the normal behavior of Collector ever since I've been using it. What gives?
You may want to open a case with Esri Support on this. It looks like other customers have faced similar behavior, so an analyst will be able to troubleshoot this issue further with you.
I put in a tech support ticket, was on the phone with an esri tech support person this AM and the response was... "this is expected behavior in the latest version of Android". Ticket closed.
The only way to make sure users are challenged each time they open a map in Collector is for them to sign out of their named user account every time they are done working with a map. If they don't sign out, which in the case of Collector for Android it's: three dots -> switch account -> three dots -> remove.
Then, when the user gets back into Collector and they click their web map, they will be challenged with their org AD credentials.
I know my field staff will love this as it will cut down on the steps required for them to start editing in Collector, but from my end, I find it hard to understand how an Android update has change a key piece of how Collector works... namely that in the past, Collector has forced users to authenticate with their org creds every single time they fired up a web map in Collector, while never signing out of their named user account. Now that has changed, now, as long as a user remains logged into the AGOL org account, they will never be challenged with their employer org AD creds to see their secured feature layers (after they did it the first and only time).
Ok, so got back on the phone with tech support and now the answer is: It's an update to the latest version of Collector. 17.0.4 from Oct 26th. The change log in the Android app store makes no mention of this new feature. I'm not saying it's not legit but is sure is damned confusing and means I'll be rewriting my end user training documentation.
When accessing different collector maps with secured services GIS tier authentication, it is not prompting me for a login. It never recognizes the secure services and states that they failed to load. It never prompts for a new login like
it should when accessing a new map that I don't have authorization for with the current username and password from the previous map.