Avoid having Active Directory users have to type domain at log in?

456
3
08-14-2017 08:40 AM
ChrisMathers1
Occasional Contributor II

Is there a way to have my users not have to enter domain\username when logging into a service? I would prefer if they just typed in their username.

Tags (2)
0 Kudos
3 Replies
RandallWilliams
Esri Regular Contributor

Starting in 10.2, ArcGIS for Server can function in a multiple domain forest.  To support this, if enterprise users and built-in roles are used, the enterprise users are linked to roles based on username and domain name.  For this reason, with GIS-tier authentication, both the Active Directory username and domain are needed when signing in to access secured services.

When 'Allow access to all users' is enabled, the username alone will work but the authenticated user will not be assigned to the corresponding role(s).

If your installation of ArcGIS Enterprise is internal only, you can add your GIS Server and Portal to your list of trusted sites in IE and achieve a single sign on solution where the browser will pass the current domain credentials to the web adaptor.

ChrisMathers1
Occasional Contributor II

I was planning on setting up AD users with AGS roles and GIS tier. Any way to make it work with that configuration? The enterprise is available externally and users off network will be connecting using accounts in AD. If I go web tier and someone tries to connect who isn't on a computer connected to the domain do they get the normal ArcGIS authentication popup? This stuff really isn't clear in the AGS documentation.

0 Kudos
RandallWilliams
Esri Regular Contributor

With web tier auth users will get the web tier challenge, like an IWA login. Personally, I'd go with SAML over web tier in this case.

0 Kudos