Community

Can I Configure 2 Active Directories for SSO with IWA in ArcGIS Enterprise.

1034
1
07-14-2021 10:11 AM
Labels (1)
Labels
DiegoLlamasOlivares
by
Occasional Contributor
‎07-14-2021 10:11 AM

Hello,

I have 2 differents active directories one with PR and other with USA domain.

I already have configure my ArcGIS Enterprise using Windows authentication (IWA) with PR but not we need that this second AD and this users have access to Portal using their domain user.

I was wondering if this was possible.

iwa.PNG

 

Thanks for your help

Diego Llamas
0 Kudos
1 Reply
ChristopherPawlyszyn
by Esri Contributor
Esri Contributor
‎07-15-2021 07:45 AM

To login with users from two separate domains when using Integrated Windows Authentication, the domains must be part of the same AD forest. There are additional considerations you'd need to work with your IT team on, especially making sure that the specified user is allowed to query both AD domain users and groups (if used) as well as confirm the Portal identity store configuration is pointed at a global catalog domain controller within the forest.

 

"Using an Active Directory identity store, ArcGIS Enterprise supports authentication from multiple domains with a single forest, but does not provide cross-forest authentication."
From https://enterprise.arcgis.com/en/portal/latest/administer/windows/use-integrated-windows-authenticat...

 

Configure the domain controller used by Portal for ArcGIS—Portal for ArcGIS | Documentation for ArcGIS Enterprise
https://enterprise.arcgis.com/en/portal/latest/administer/windows/configuring-the-domain-controller-...


-- Chris Pawlyszyn
0 Kudos