AnsweredAssumed Answered

Why can users enter just their domain username when a service is secured using the "Allow access to all users who are logged in" setting, but need to use DOMAIN\username when services are secured using selected roles?

Question asked by brett.lessner_Nsight on Dec 6, 2018

We have configured our ArcGIS Server/Enterprise 10.5.1 security with the following settings:

User Store: Windows domain

Role Store: ArcGIS server built-in

Authentication Tier: GIS server (We are restricted to using GIS-tier authentication so switching to a web-tier authentication config is not possible.)

Authentication Mode: ArcGIS tokens

 

I've noticed a behavior where services secured with the "Allow access to all users who are logged in" allow access to users who only enter their domain username. However, if the security is switched to "Allowed roles" users must enter DOMAIN\username. This seems logical looking at the user store - users are listed as DOMAIN\username. I'm just confused as to why this behavior occurs. 

 

Has anyone with a similar configuration found a way to secure services down to the role level and allow users to enter only their domain usernames?

Outcomes