Masking ArcGIS Instant App URL

ColeShelley98

I would really like to see ESRI incorporate masking or "hiding" the URL for Instant Apps. We have some external agents/clients that have a basic viewing account within our ArcGIS Enterprise Portal but by simply deleting the app ID and "/apps/instant/lookup" from the URL, they are able to get into our Portal and view our all our important data and layers. Ideally, keeping their basic viewer accounts will allow us to track their logins and activity.

SimonSchütte_ct · ‎05-12-2025

This sounds like you assign the default Viewer Role to the external viewers, which gives them viewing access to content shared within the organisation. Member roles—Portal for ArcGIS | Documentation for ArcGIS Enterprise
You should create a custom viewer role and remove the option to see content shared within the organisation, then assign this role to your external viewers.

Share your app in dedicated group(s) and add your external viewers to the group(s).
This way, viewers will only be able to see apps (and containing content) shared with them in a group they belong to.
If you use Hosted Feature Services, you may want to create Views to limit visibility of data.

(Note: Check your license agreement to see if your use case - sharing user types outside your organisation - is covered.)

ColeShelley98 · ‎05-12-2025

Interesting. I will try this out! Thank you.

ColeShelley98 · ‎05-12-2025

It has helped for the most part but for some reason, after creating a external partner viewer role, and setting their permissions to the lowest possible, they are still able to see some things on our Portal. I placed that external viewer role into a group with only 5 pieces of content but when going to the organization tab under content, they can see around 60 pieces of content.

SimonSchütte_ct · ‎05-12-2025

@ColeShelley98 Restricted viewers will be able to see content directly shared with them and items with the sharing level set to public.