I would like to see support added for credential-free identity between ArcGIS Enterprise and user-managed enterprise geodatabases using cloud-native workload identity (for example, managed identities).
For Azure deployments, this would mean allowing ArcGIS Enterprise on Kubernetes to authenticate to databases such as Microsoft Azure SQL Database using a managed identity issued by Microsoft Entra ID, rather than requiring a stored username and password.
Background
Many of our customers operate in regulated environments and must meet security frameworks such as the Australian Cyber Security Centre Essential Eight Level 2 (E8 L2). These frameworks increasingly require:
Mandatory MFA for identities
Removal of stored credentials where possible
Adoption of passwordless authentication
Strong conditional access controls
Centralized identity governance
ArcGIS Enterprise currently supports Entra ID–based authentication for some database scenarios, but system-to-system connections still require a service account with a password. Because the connection is non-interactive, MFA cannot be enforced, and credentials must be stored and rotated, creating both compliance and security challenges.
Problem
For cloud deployments (particularly ArcGIS Enterprise on Kubernetes):
Database credentials must be stored in secrets
MFA cannot be applied to service accounts
Password rotation introduces operational overhead and outage risk
This approach does not align with Zero Trust or modern cloud identity practices
It creates audit challenges for organizations pursuing Essential 8 L2 or similar compliance targets
Proposed Enhancement
Enable ArcGIS Enterprise to use managed identity / workload identity for database connectivity.
Example Azure flow:
ArcGIS Enterprise Pod → Managed Identity → Entra ID token → Azure SQL DB
This would eliminate stored credentials entirely and allow authentication using short-lived tokens issued by the identity provider.
Benefits
Security
Eliminates stored database credentials
Enables passwordless system authentication
Aligns with Zero Trust architecture
Compliance
Supports Essential 8 L2 and similar frameworks
Improves audit posture for privileged access
Aligns with MFA and Conditional Access strategies
Operational Efficiency
No password rotation required
Reduced secret management overhead
Lower risk of outages from expired credentials
Cloud Alignment
Aligns ArcGIS Enterprise with modern cloud-native patterns
Matches capabilities available in other enterprise platforms
Improves adoption in regulated cloud environments
Suggested Initial Scope
ArcGIS Enterprise on Kubernetes
Azure SQL Database / Azure SQL Managed Instance
System-assigned and user-assigned managed identities
Business Impact
This capability would significantly improve ArcGIS Enterprise adoption in regulated industries and government environments where passwordless and credential-free architectures are becoming mandatory rather than optional.
Thank you for considering this enhancement.
Cameron
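The Azure flow described in the post above (pod → managed identity → Entra ID token → Azure SQL), as an added example that is not part of the original post and is not Esri's code. It assumes a generic Python workload with the `azure-identity` and `pyodbc` packages and ODBC Driver 18; the server and database names are hypothetical, and the sample token is constructed.

```python
import base64, json, struct, time

SQL_SCOPE = "https://database.windows.net/.default"  # Entra ID resource for Azure SQL
SQL_COPT_SS_ACCESS_TOKEN = 1256  # msodbcsql pre-connect attribute carrying the token

def build_conn_str(server, database):
    # No UID, PWD or Authentication keyword: the token is the only credential.
    return (f"Driver={{ODBC Driver 18 for SQL Server}};Server=tcp:{server},1433;"
            f"Database={database};Encrypt=yes;TrustServerCertificate=no;")

def pack_access_token(token):
    # The driver expects a 4-byte little-endian length, then the token as UTF-16-LE.
    raw = token.encode("utf-16-le")
    return struct.pack(f"<I{len(raw)}s", len(raw), raw)

def seconds_left(token, now=None):
    # Reads the JWT 'exp' claim for monitoring only; the signature is NOT verified here.
    payload = token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return int(claims["exp"] - (time.time() if now is None else now))

def connect(server, database, client_id=None):
    # Third-party packages are imported lazily so the helpers above run without them.
    import pyodbc
    from azure.identity import ManagedIdentityCredential
    # client_id=None selects the system-assigned identity; pass one for user-assigned.
    token = ManagedIdentityCredential(client_id=client_id).get_token(SQL_SCOPE).token
    return pyodbc.connect(build_conn_str(server, database),
                          attrs_before={SQL_COPT_SS_ACCESS_TOKEN: pack_access_token(token)})

def make_sample_token(exp):
    # Constructed, unsigned token used only to exercise the helpers offline.
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"exp": exp, "aud": SQL_SCOPE}), "constructed"])

if __name__ == "__main__":
    tok = make_sample_token(int(time.time()) + 3600)
    print(len(pack_access_token(tok)), "bytes packed;", seconds_left(tok), "s until expiry")
```

The identity must also exist as a database user (for example, one created with `CREATE USER ... FROM EXTERNAL PROVIDER`), and because the token expires, long-lived connection pools need to acquire a fresh one when opening new connections.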