Best security setup for this situation?

Discussion created by bblankner on Dec 27, 2012
We're a city of about 90,000 people using ESRI's small govt. ELA.  We have been using ArcGIS Server for a few years and also have started using ArcGIS online for organizations.  There are a few users in a couple departments that have layers/maps that need to be secure.  The police department has a few things that come to mind and so does our planning department. 

We want to publish our maps so that the general public can see/use most of it with the exception of the few sensitive items.  We want to use ArcGIS Online as the main method for people to consume the maps.  We also want the Police and Planning individuals to use ArcGIS Online to see their secured information no matter where they are, but with minimal interference of (them or me) having to keep up with tokens, databases of passwords and other stuff. 

What is the most simple to use and manage method for us to publish layers and maps via AGS to ArcGIS Online, making most of them require no login/security and just a few of them secure for certain users?  And what would it look like from the user's point of view?  We don't have a ton of staff or resources to develop a complicated solution that requires lots of management time.  And the users are intolerant of lots of logging in and out.  We want people to want to use this, not feel like it's "too much work" and just try to get by with Google maps instead.

Any ideas?  Any tips are greatly appreciated!