How do you correctly enable editor tracking for a non-hosted feature service in ArcGIS Online?

NilsBabel · ‎08-11-2014

I have an ArcGIS Server 10.2.2 feature service. The feature classes are non-versioned and archiving and editor tracking are enabled. I've published the service with Create, Delete, Query, Sync, and Update operations so I can use it in ArcGIS Online and Collector for ArcGIS. I've enabled ownership-based access control and checked Query, Update, and Delete operations for all users. I can add and edit the feature service in the ArcGIS.com map. However, when I look back at the editor tracking fields the created_user and last_edited_user both say Esri_Anonymous. Is there a way to get the ArcGIS Online user name in the tracking fields?

RussCoffey · ‎09-17-2014

Any updates, Nils? I am experiencing the same behavior. I, too, expected to see the login name of the ArcGIS Online user, which is why I enabled the editor tracking. The closest documentation of this issue that I can find is the following open bug report, but it is referring to hosted feature services, while both of us are using non-hosted feature service. I'll post back here if I came across anything.

NIM102295 - If the editor tracking fields (Creation Date, Crea..

NilsBabel · ‎09-18-2014

Nothing very satisfying. The short answer is no, editor tracking does not work with the ArcGIS user names. The long answer is you can enable security on your services and let the users login in with a secondary user name and password, one that provides access to the SDE database. The ArcGIS web map will prompt the user for the second username to access the services. Edits will be tracked in the database with this second username. The problem is if you really want to track editors you will have to create a user account in your sde database for each user editing the data from ArcGIS online. Sort of redundant. I haven't tried this from collector to see what sort of login users are prompted for. I settled with just using the ArcGIS online usernames and tracking the date created and date edited. Users are putting their initials in the comments of features they create. You can check this thread for more information:

Offline editor tracking

Good luck.

RussCoffey · ‎09-18-2014

Thanks for the information, Nils. You are right on, and I can confirm the behavior you described. After my post yesterday, I enabled security on the ArcGIS Server service (which requires the user to do the second log-in, as you mentioned, with their local NTLAN user account/password) and the editor tracking does capture their company-provided username, not the AGO username. I actually prefer that, except for the fact that the user will have to log in with two different usernames and passwords to access the data they need to edit. It seems like a little thing, but that's definitely not a selling point when I introduce AGO to users.

As I understand, there is a single sign-on method available for AGO, but your organization has to enable Active Directory Federated Services, and I don't see us doing that anytime soon (although I may try to argue for it).

Please keep me posted if you come across anything else, and I will do the same.

ChandreyeeLahiri · ‎07-07-2015

Thanks for asking my question and so succinctly.

Any updates on this as of July 2015?

My (very similar) situation:

I have a SDE database hosted on a server, accessed and edited primarily through the Collector app and AGOL web-maps. Security has been enabled on the server SDE data (with just one set of credentials) and 'Editor tracking' enabled for the Feature service created from that SDE data.

My need:

To record the AGOL credentials of each editor who edits the data. It helps me identify which of my many field workers have collected each piece of data...each collector has an AGOL account. (They are required to also enter initials after each field entry but human error creeps in and they often skip the step...editor tracking is a safety net)

Problem:

When edited (in Collector app or in web-map or on the desktop), the editor tracking fields capture the credentials for the SDE log-in (of which there is currently only one) but not the AGOL credentials that would help me identify which individual in fact, edited. It used to work perfectly in the past when my data was hosted rather than in SDE/on a server.

Possible solutions:

The suggestion of multiple credentials on the SDE security is a good idea, but very clunky to set up.

Keen to hear any suggestions ASAP.

Thanks.

DougBrowning · ‎09-09-2015

Do you turn on edit tracking after you publish (in AGO) or before (in ArcMap)? It creates totally different fields (for some reason) depending on when you do it.

I have had luck turning on editor tracking first in ArcMap then publishing.

HectorMelendez-Alvarado · ‎08-27-2015

Russ Coffey , Would enabling Single Sign-On using AD Federation Services avoid the dual (AGOL, AGServer) signup to capture editor tracking usernames? Is this setup documented anywhere?

I know how to configure both ArcGIS Server and AGOL Security but don't know any configuration that would allow SAML Single Sign-On AGOL to authenticate with the same login on ArcGIS Server so that the user doesn't get prompted a second time when accessing the secure ArcGIS Server service.

I've been looking to solve this for sometime now. Any help would be much appreciated.

Thanks.