Sharing a Web Map Outside the Organization

JD1016 · ‎07-26-2023

Hello,

I've never shared anything outside of our city AGO, other than making a web application "public" for sharing with our local citizenry.

One of our consultants needs to have access to a web map I created. This web map contains all hosted feature layers. In the end, these layers will be seen in the GIS interface of the asset management program they are designing for our city.

Can someone advise me on how I can make this web map shareable to achieve this goal? I read something about "tokens" in the consultants documentation but I really didn't understand it. Don't know if that applies here or not.

Thank you.

Jeff

JillianStanford · ‎07-26-2023

Hi Jeff,

Does the consultant have their own ArcGIS Online organization? If so, you can invite them to join a group or create a collaboration.

Jill

JD1016 · ‎07-26-2023

Hi Jill,

I don't believe so. They are asking me to fill out a GIS questionnaire and submit it to their department with some key information. Specifically, since we will be using a secure web map in AGO, to supply them with a Username, Password, and Token Service URL. I've created usernames for my own city users (they of course come up with their own passwords) but never supplied a password or anything along the lines of a Token Service URL to someone outside of our organization.

Does any of that make sense to you?

Jeff

JillianStanford · ‎07-26-2023

Hi Jeff,

Yes, when accessing secured content via the REST API, a token is appended to each request. If you look at the network traffic when you're browsing AGOL, you can see that all of the requests for content have a token parameter. AGOL handles the authentication but if they're accessing the content directly they will need to authenticate against a token service to obtain the token themselves.

Details for the token service are found here - https://developers.arcgis.com/rest/users-groups-and-items/generate-token.htm.

There is a general discussion about authentication here - Introduction to security and authentication and details about generating a token here - Generate a token.

Hope that helps!

JD1016 · ‎07-26-2023

Hi Jill,

Great information links! You definitely have provided me with a good starting point from which to become familiar with the terminology and rules.

I appreciate it very much. I have more questions, but I will hold off until I've thoroughly read the information and checked with the consultant because there appears to be some overlap between what they are providing on their side and what needs to be constructed on my end.

Thank you.

Jeff

JD1016 · ‎07-27-2023

Hi Jill,

I'm wondering if you can help me make sense of some things. To set some context, I'm not a developer by trade and had very little contact with the ArcGIS Developers dashboard.

In reading the Introduction to security and authentication page, it appears, since I will be using our private hosted data with an ArcGIS Online account that the ArcGIS identity method would be the best approach. However, the access token being short-lived has me a little concerned. Should I be worried about this cutting out periodically with my users while accessing asset management? How does the refreshing work?

They use the word "application" in the workflow for the ArcGIS identity which has me confused since our asset management consultant has requested a web map. I've attached a screen shot from the consultants directives in the hopes it might provide you with some additional background of what I'm seeing on my side and where my confusion comes in to play.

I have more questions, but I think starting from here would prove most beneficial.

Thank you for your help in advance!

Jeff

JillianStanford · ‎07-27-2023

Hi Jeff,

The back end of ArcGIS Online consists of web services that can return data and configurations to any number of clients. I think in this context, when the doc says "application", it's just referring to the client that's making the request.

It's up to the client that's requesting and using the token to manage it correctly. I don't know the details of your specific asset management software but my suspicion is that they are using an Esri API to manage tokens in a way that is transparent to the end user.

It looks like the consultant is asking for a token service, username and password so that they can authenticate to "import" your data. I'm not sure if that means they are actually making a copy of your data or if they will use the credentials to access the live services using short lived tokens.

They are also asking for a web map ID, I suspect to define which layers are seen by the end users. They are giving you the option to require each end user to log in with their own AGOL credentials to view this map or to use the stored user name and password.

Hope that helps,

Jill

JD1016 · ‎07-31-2023

Hi Jill,

It does help. Thank you for taking the time.

However, please forgive me, but I am still a little mystified on how to go about creating a username, password, token and how to establish a connection between Developer and my web map. I've poured over the documentation links and just can't seem to get a handle on where to begin. I think I have an understanding of which authentication method they are asking for but that is really just about it.

Are there any step-by-step instructions available for a novice like myself?

Thanks.

Jeff

JillianStanford · ‎07-31-2023

Hi Jeff,

This workflow uses the same authentication and sharing scheme as your ArcGIS Online Organization.

You would create a named user in your Organization (or use an existing one).
You would share the web map with the user, just like you would share any other piece of non-public content. You will give the developer the ID of this web map, so they know where to look for it.
You aren't giving the developer a token, you're giving them the URL for the token service, so that they can request a token using the supplied credentials as needed.
When the "application", requires access the web map, a request is made to the token service using the supplied credentials. This token is appended to the request for the web map and since the map has been shared with the user that was used to generated the token, access will be granted.
Since the tokens are short lived the app will need to request a new token every time the token expires. The developer will be handling that process as part of the app.

There are tutorials and help docs for each of those steps but I don't know of one for the entire workflow. You really just need to handle steps 1 - 3 and the developer handles step 4.

Jill

JD1016 · ‎07-31-2023

Thank you for sticking with me on this Jill. I really appreciate your time.

I will reach out to our asset management person and coordinate the interaction after I do the setup on my side.

Jeff