
Portal single sign on across domains

Question asked by ascullyCOT on Sep 9, 2019
Latest reply on Sep 10, 2019 by ascullyCOT

Trying to get Single Sign-On set up on a Portal site. 

Our Portal is using Active Directory, and it works as desired for our typical user - on a physical machine, signed in with their AD credentials.

The issue here is that we have a good chunk of users who use Virtual desktops. Our Virtual Desktop environment sits on a different domain (domain 2), however users still use their domain accounts from the same domain that our Portal is on (domain 1). The 2 domains have trust relationships or similar to enable this.

Single Sign-On does not work currently for these Virtual users, even though they get to their virtual desktop with the desired domain 1 AD account.

I was looking at simply adding a trusted domain in the Portal settings for domain 2, but the documentation says wildcards are not supported - so adding *.domain2.myorg.com doesn't work. I don't believe that we can get a fully-qualified name for the domain 2 VDI environment.

Restrict cross-domain requests to your portal—Portal for ArcGIS (10.7 and 10.7.1) | ArcGIS Enterprise

I'm thinking we can make this work since the VDI users are using their domain 1 accounts to sign in, but am not sure where to add domain 2 as a trusted domain, or if that's even the right path to go down.

Any thoughts on how to proceed in this scenario to get SSO up and running? It's fairly critical for some applications we have in this Portal.

Thanks - 

Allen
