Secured service requires 3 sign ins?

5083
10
Jump to solution
04-21-2015 02:54 PM
VenusScott
Occasional Contributor III

I'm already hearing squawking . . .

We have configured our AGOL account to use the Active Directory Federated Services. That being said why is it when I am using the Collector application I first have to log into our network via VPN (with AD credentials) then when I go to my tablet to view my maps I have to log into our AGOL portal (with AD credentials) and then if the map contains a secured service, I have to log in to access that secured service again with AD credentials?

Do I have something configured wrong? I thought the whole purpose of Active Directory Federated service was for "single" sign-in.

0 Kudos
1 Solution

Accepted Solutions
RussRoberts
Esri Notable Contributor

Federated Servers is something that currently only supported in Portal for ArcGIS and not in ArcGIS Online organizations.

If you were using Portal for ArcGIS(10.3 and up) you would have the enterprise login support and could use your AD credentials. In that Portal you would have your internal server federated with your portal so your field crew members and yourself would only get prompted the 1 time you login. You would still have to sign in through the VPN app as well.

ArcGIS Online does not have the support for federating your server with your org so you will have to sign in once to the Org, then again to access your internal server services. If you are using hosted you would not be prompted for credentials.

Hope this helps you out.

Russ

View solution in original post

10 Replies
RussRoberts
Esri Notable Contributor

Federated Servers is something that currently only supported in Portal for ArcGIS and not in ArcGIS Online organizations.

If you were using Portal for ArcGIS(10.3 and up) you would have the enterprise login support and could use your AD credentials. In that Portal you would have your internal server federated with your portal so your field crew members and yourself would only get prompted the 1 time you login. You would still have to sign in through the VPN app as well.

ArcGIS Online does not have the support for federating your server with your org so you will have to sign in once to the Org, then again to access your internal server services. If you are using hosted you would not be prompted for credentials.

Hope this helps you out.

Russ

SubuSwaminathan1
Occasional Contributor

Russell,

Configure Active Directory Federation Services—ArcGIS Online Help | ArcGIS

The above AGOL help URL appears to indicate that ADFS is supported in AGOL. We were looking forward to deploy this. Can you clarify or point to resources that support your statements?

Thanks

Subu

RussRoberts
Esri Notable Contributor

That is for setting up enterprise login support to ArcGIS Online and not federating your internal ArcGIS Server with ArcGIS Online. This does not connect your enterprise login with internal servers because it does not connect the two together. In the case of Portal for ArcGIS you are able to setup the configuration that connects the Portal with the ArcGIS Server and provides a single sign on experience.

Federating an ArcGIS Server site with your portal—Portal for ArcGIS | ArcGIS for Server

VenusScott
Occasional Contributor III

So the added secured map/feature service still requires additional logging as well due to "This does not connect your enterprise login with internal servers because it does not connect the two together."?

0 Kudos
MichaelJenkins
Occasional Contributor III

There is a way to avoid the secured services sign in.  Create an item in ArcGIS Online (or Portal) that points to your secured service.  Choose "Add Item from web" and then enter the URL of your secured service.   It will detect that it is a secured service and ask you for credentials and then if you want it to save those credentials.

Tell it to save the credentials, then save the item (it will be a "Map Image Layer"), then share it with the appropriate group.

Then go your your web map, choose "add" then "search for layers" (not 'add layer from web') and add the item you just created.

Now when you access the web map via Collector, it will log into the secured service for you.

itemfromweb.png

GISP
VenusScott
Occasional Contributor III

Ooooo . . . now this looks intriguing? Looks like I will have to "play"!

Thanks Michael!

tvchambers
New Contributor II

Hey Venus,

There's a Live Training Seminar tomorrow: Portal for ArcGIS: Leveraging Windows Single Sign-On for Your Organization. I imagine at least some of your particulars will be covered--might be worth a look.

Esri Training | Live Training Seminar: Portal for ArcGIS: Leveraging Windows Single-Sign-On for Your...

take it easy. --tv

VenusScott
Occasional Contributor III

Thanks! I've put it on my schedule to attend!

0 Kudos
VenusScott
Occasional Contributor III

Wait, you say it's not supported for ArcGIS Online Organizations. I did an Active Directory configuration on our AGOL organization account:

Is this not the same thing?

0 Kudos