How to block mobile workers from entering the portal?
Don't give them an account. By giving them a profile, you are giving them access to the portal environment, and content shared to the portal may be accessible to them. You can restrict the content they can access, but at face value, they are signing into your portal. I highlight this as it's technically the answer to the question, and a slip of administration down the track (elevating user role) may expose content, in a way that could be avoided if you never gave them a login.
I have created a group of QuickCapture users with no editing capabilities
Not sure on why you would do this, as mobile workers would want to edit using QuickCapture?
I do not want them to seek items within the organization's portal
This we can actually answer, and you'd want to consider this in line with your broader portal's security settings and policies. For sharing and access items:
- Users can be assigned a type (licence) and a role (all or some of the privileges available to that licence).
- You can create a custom role that does not have the privilege to view content shared with the organization
- You can use the same user roles and privileges to limit the number of users who can share content to the organization or publicly.
- You can set some organization-wide policies to prevent non-admins from sharing content
I'd recommend any ArcGIS Online or Enterprise administrator to consider the security of their organization as a whole, who has admin access, who can share content, who can get access, and how these privileges get assigned. Some resources are available online, in documentation, e.g. video below. Lots of similarities in portal management for ArcGIS Online and ArcGIS Enterprise general practices.
https://www.youtube.com/watch?v=5RDx_SQIYFE
