Setting up Distributed Collaboration Login Issue

1018
12
01-24-2019 01:02 PM
Highlighted
New Contributor III

I'm trying to set up a Distributed Collaboration between two Portal sites.  Site 1, the host, uses Esri's authentication and Site 2, the Guest, uses AD.

I can create the collaboration group and workspace, invite the guest to join the collaboration, successfully import he response, and sync content (using 'Send & Receive') between the two portals. 

However, while the content from Site 1 syncs and is visible and available for use in Site 2, the Site 2 content syncs but any feature service or map using a feature service from Site 2 requires the user from Site 1 to provide login credentials to the Site 2 portal in the form of a user and password.

Is there some step that I missed to connect with a site that uses AD as its log in service?

Thanks,

Keith

12 Replies
Highlighted
Esri Contributor

Hi Keith,

Thanks for posting. Map services will be sent as a reference requiring credentials back to the source to access the service unless it is shared with everyone (share ArcGIS Server services). Have you set your feature layers to be sent as a copy or by reference? When you're setting up the workspace, it's one of the administrative options.

Hilary

Highlighted
New Contributor III

I'm having the same issue with an opposite configuration (AD on host AGO (Site 1) and Portal Identities on Enterprise (Site 2).  I have set my layers to be sent as a copy.  I have tried setting web tier with admin accounts as well as no web tier auth.

-Steve

Highlighted
Esri Contributor

Hi Steve,

Just to confirm, have you enabled sync on your layers? If you're using hosted feature layers, under the item > settings > enable sync. Do you see any related information in your portal logs?

Hilary

Reply
0 Kudos
Highlighted
New Contributor III

Thanks for the response Hilary.  Yes I have enabled sync, which is working perfectly fine.  I can post content on either side and it appears on the other side after the sync, but whenever I try to view it, it challenges me to sign in with the sending side account.  For example, I'll publish a feature layer on my Enterprise side, which will sync to the AGO side, but whenever I try to open it in AGO, it'll ask for my Enteprise login and visa versa.  I've confirmed that content is shared only with the collaboration group.

Reply
0 Kudos
Highlighted
Esri Contributor

Hi Steve, no problem. Next I would want to have a look at the portal logs to see if the layers are successfully coming over as copies or if there are any issues. Are you able to take a look at those? If you can and can share them you can email them to me at my first initial + last name @ esri.com and we can troubleshoot, or if you're able to open a tech support case an analyst can assist. 

Hilary

Reply
0 Kudos
Highlighted
New Contributor III

Hi Hillary,

Wouldn't setting sharing to Everyone expose the feature services in Site 2 to all users of AGOL rather than just the folks participating in the collaboration?

We tried both sharing the feature services as copies and as references.  Both approaches required log in credentials.

Thanks,

Keith

Reply
0 Kudos
Highlighted
Esri Contributor

Hi Keith, yes it would - that is the exception to having to log in. Typically we recommend copying to/from ArcGIS Online. Are you certain your layers are set up to send as copies? There are some configurations necessary in order to do so. Built-in identity vs. AD shouldn't be an issue. About sharing feature layer data as copies—Portal for ArcGIS (10.6) | ArcGIS Enterprise 

Hilary

Reply
0 Kudos
Highlighted
Occasional Contributor

I am having this same issue and cant figure it out.  I have tried all sorts of combinations of Collaboration values and nothing works.  I have had to create a view of my editable FeatureLayer and then post the undeditable map as shared with Everyone.  Not ideal.

I have an AGOL map that I use with Collector.  I have a collaboration set up back to my Enterprise Portal. Currently set up as Send and Receive with Copy on both the send and receive sides.  As described by others: sync appears to be working as I see the layers and map, but when I try to open the map Portal loops through EACH layer and asks me to sign into AGOL to access.  I published 2 different featureLayers and it only loops through the one that is deployed as editable.  The non-editable one loads fine. 

I have standalone tables in my featurelayer with a relationship class to the featureclasses.  Do I need to do something different with these?  The standalone tables are in the same file geodatabase as the featureclasses.

This: https://www.esri.com/arcgis-blog/products/arcgis-online/sharing-collaboration/sharing-and-collaborat... seems to be helpful as a process to go through.  It mentions needing to set up a role in Enterprise to "Join External Groups".  Unfortunately, this privilege seems to have been removed for Enterprise 10.7.1? Was the setting moved somewhere else?

Any help or ideas?

Reply
0 Kudos
Highlighted
Esri Contributor

Hi Lisa - based on the information you provided, I would recommend reaching out to Tech Support to look further into this issue.  I'll be reaching out to you directly regarding this.

Reply
0 Kudos