**The Portal for ArcGIS extension software is included with
ArcGIS for Server Advanced (Enterprise or Workgroup) and is licensed and priced
based on the number of named users.
Hi Derek,
We bought a 12 month Portal For ArcGIS Up To 50 Users license last October when the version was 10.2. As the Portal is now included the Arcgis for Server with the 10.3 release we are looking for the best option to proceed as we are approaching to the end of that 12 months.
We have ArcGIS for Server Advance Workgroup license and all products have already been updated to 10.3.
Thank you.
Hi Tuna,
Since I am not informed about the specifics of your software license agreement, these types of detailed licensing questions are beyond the scope of the discussion forums. Please meet with your local Esri account manager/Distributor to discuss these items.
Hope this helps,
Hi Derek,
Thought I would inquire specifics about named users in Portal while Portal is Federated with ArcGIS Server. Portal has IWA incorporated for Active Directory - Windows Authentication
Scenario.
A web application which sits on IIS - a web server - (anonymous enabled - so Portal can control it) consumes as web map on Portal. This web map is shared to 'everyone'.
This Web Map in portal contains several layers, lets say 10 for this example. (so 10 services running on ArcGIS Server, for example)
Out of the 10, 8 are shared 'everyone' (public) on portal. 2 of layers in the map sit in a group and a AD Group/Role is only able to see the layers in portal (not shared to 'everyone'). I am aware of a Nimbus regarding nothing showing up on the web application, but what I want to know is:
'Joe User' needs access to the Group layers (2 layers that are sensitive) and is apart of that Group in AD.
Will a named user be required for JOE to see the non-public layers (the sensitive layers)?
If so,
Lets say a company has 300 people that need to see this sensitive information out of 10,000. does that mean 300 named users are needed to be registered with Portal so that the web app loads the 2 layers for these users?
I was hoping the users that should not see the 2 layers would simply see the remaining 8 layers open to the public (a 401 happens in the background but user does not know)... but a bug seems to be hindering that, this is a separate issue of course. (ref # Bug -000087825)
I have had zero issues with ArcGIS Server AD enabled and applying Roles to specific Services consumed by apps... but Federated Server with Portal poses some questions... (as ArcGIS Server licensing is based on Core, not named users). I greatly appreciate your time in explaining this!
Hi Michael,
> 'Joe User' needs access to the Group layers (2 layers that are sensitive) and is apart of that Group in AD.
Will a named user be required for JOE to see the non-public layers (the sensitive layers)?
The answer is "yes". Any Portal items that are not shared with 'everyone' (i.e., public) means that a named user account is required to access and view it.
Hope this helps and happy holidays,
Thank you for clarifying. As I suspected...The User that is loading the web application, that consumes the sensitive layers would require a name with Portal.. automatic setup is possible of course. Hmm, causes a problem when one has 300 staff are needed to see sensitive layers. 300 named Portal seats is expensive.
Are there any alternatives that I am missing?
Happy Holidays to you as well... see you at the Dev Summit!
Hi Michael,
Regarding your licensing needs for 300 named users - please discuss with your Esri account manager/local Distributor. Perhaps an Enterprise License Agreement (ELA) might be an option to meet your needs.
Hope this helps,
Derek,
My agency has an ELA but we still had to pay for the full cost of named users.
What about using an Active Directory group to restrict the map services containing sensitive data. Add all 300 to a group then use that group in ArcGIS Server Manager for security. We have some sensitive data that resides in SDE so we did a map service and restricted it to a AD group. I think the users are prompted so they do have to re-enter their credentials but there is no need for portal named users.
There is a bug on that, at least for Portal users. Nothing loads for anyone outside the security group, even unsecured services. I don't know the BUG ID off hand.
Correct and fully aware on additional issue of a BUG being Bug -000087825
BUG-000087825 - When a Portal for ArcGIS web map has a layer secur..