Randomly, Enterprise Portal items 'shared to all' shows login screen for AD accounts. Using Version 10.7.
Thanks so much!
Beth Donahue
Chicago Transit Authority
Are you using Intergrated Windows Authentication (old skool AD) or are you using SAML2 (modern AD)?
Also, are all the services, the web map and the application all shared with 'everyone'. I've seen people use multiple web services in a web map, leave one of them secured and then see this behaviour. All 'items' have to have the same level of sharing.
So if you’re using IWA (shivers) then all users need to go through the web server and web adaptor. The web server (before you get to Esri) will ask you to confirm you’re logged in to the AD. If you’re on the network or have VPN then you have a token and you just go in.
If you’re environment is exposed to the internet, and you access it from a non work device or you’re not on the VPN then it will ask you to login.
Under IWA the concept of everyone just means you’re not consuming a license, you have to exist in the AD to be able to use anything. So you can’t easily share to the public or stakeholders. (Hence ^shivers). IWA makes the environment inflexible in my opinion. 😞
the only way to tell if non names users would be having those blocks would be the IIS logs. You may get a username if IIS was configured correctly.
typically changes like you’ve said relate to windows or Esri patches being applied or possibly a licensing change.
Scott, I appreciate your comments. Anonymous users are now seeing items shared with all (enterprise portal is behind firewall so 'all' means everyone with AD account). Unfortunately, now when I open Portal or Portal admin I am prompted for a login (which of course I do not have). In addition, randomly my colleagues I cannot open ArcGIS Pro licensed through Portal (unknown error, check LM is working). I have tested on VPN, RDP, Wireless at work and Docking station at work.
I am working with DBA and other IT and we suspect my credential authentication is not being passed on to GIS web server.
I have a ticket open with ESRI and here are results that allowed anon access and initial admin but then portal admin asked for login
Are we missing something? Everything was fine until about January of this year (I also transitioned from staff to consultant but with same email login).
Thanks for any thoughts you have😃
Beth Donahue