Latest Contributions by MichaelJenkins

They will need to access more than just the specific map service URL, because they will need to be able to log in and that involves a couple of other URLs on the server. At a minimum they also need to be able to access https://myname.mydomain/arcgis/rest/login If by "Portal account" you mean ArcGIS Enterprise Portal, then that won't work for services on an unfederated server.  But if you just mean a built in account on the unfederated server, then yes I think that would work.  You can create a group, using ArcGIS Server Manager, add that user to the group, then secure the service, specifiying that group has access.   Then, any user account in that group can see/access the service (plus all admin accounts), even if it is just one user. No other changes to ArcGIS server related to the VPN/Firewall as far as I know.  No token needed since they will generate their own when they log in.         ... View more

You don't need to supply the 3rd part app with both username/pw and a token.  The token alone authorizes them to access services, and it is tied to the username that was used to generate the token, so that is how the server knows which content a user can access. Think of it this way - if you just go to the URL to the secured map service, the server will prompt you for a username and password.  Same thing if you go to https://myname.mydomain/arcgis/rest/login.  When you log in, it generates a token for you and stores it in a cookie for your browser.  Then each time you make a request to the server, it automatically includes that token in the header.  You can't see it unless you look for it, but it is sending that token with every request to the server.   So, the purpose of providing a token to another application is so that the appliation's user doesn't have to provide a username and password. You could just provide the username and password to the user of that application and when that 3rd party application tries to use the map service, it will prompt them to log in, then they log in and carry on their merry way.   It depends on what this 3rd party application can do and how many people are going to use it.  If you provide just the token, that application will need to know how to use it.  End users can't log in with the token directly. Also, since your server is behind the firewall,  you could just leave it as an unsecured service (anonymous access) and then no username, password or token would be needed by the 3rd party app.  That is as long as it is ok for people on your network to be able to see that service if they know where it is.  Since you have services directory turned off, the URL to the service can't be found by accident. That  may have been long winded, but I like to dig into the details. 🙂       ... View more

Hi Cody.   We have Enterprise set up in a very similar way to what you are describing in your OP.   We put all of the web adaptors on one web server in the DMZ and all the other servers for the multi-machine site are inside our firewall.  No VPN required for regular web access, but it is required for actually remoting into the servers for maintenance and updates. Having all of the web adaptors on one server is nice because you have the same root URL for all of the Enterprise component servers, and only one SSL cert is needed for all of them. ... View more

Good point and an important one to mention.  It really is 'all or nothing'.   ... View more

Your IT department made a bad decision.   If this is what you are stuck with, you might be able to have an on-prem ArcGIS Server that connects to Oracle and is federated to your Azure hosted Portal.   That way the server and DB are close to each other and everything between server and Portal/clients is just web traffic. Or set up a DB in Azure and replicate data from on-prem to Azure on a schedule.     ... View more

Yes it helps, thanks.  Just to be clear, are Hot Desks not reservable and so not a potential solution? ... View more

Hello @GauravJobanputra .  The use case our customer presented is this.  "I (want to) book a hoteling station for a day, and also book collaboration tables for 2 hours" If we designated the "collaboration tables" at Hot Desks instead of Hotels, would they be able to book one of each at the same time? Another use case might be if a consultant is invited to come in for a day but they are not in our Indoors system as an occupant, so I might want to book a space for myself and another for them in my name. I'm happy to add these to the Ideas forum, but for now I just need to get confirmation that this is either not possible right now or if it is where the settings for that would be.   I need to reply to our customer as to whether we can offer this to them or not.       ... View more

Hi Jinho, We have implemented the reservation manager, but it still prevents anyone from having more than one reservation at the same time.  The reservation manager cannot book two spaces for the same person at the same time, so that is no different from a person not being able to book two spaces for themselves. The hotel configurations have options for "maximum number of bookings" per person, but that does not override the "at the same time" restriction. Is there any way to allow an occupant or reservation manager to book two spaces at the same time for one person? ... View more

In case anyone has the same question and finds this post, here is the answer.  Yes, you can disable "ArcGIS Login" so users do not have the ability to log in that way and still use a built-in account for back end Python scripts. The key is to add an argument to the connection line that forces it to use a token instead of OAuth. arcgis.gis module | ArcGIS API for Python use_gen_token Optional Boolean. The default is False. Uses generateToken login over OAuth2 login. ... View more