Community

Use Integrated Windows Authentication with your portal: 2 or more domain

850
2
09-27-2021 07:41 AM
Labels (1)
AngeloTroiano
by Esri Contributor
Esri Contributor
‎09-27-2021 07:41 AM

Hi,
we need to configure the integration with Windows authentication of Portal for ArcGIS 10.6.1 with 2 or more domains at the same time (i.e. the configuration needs to take into account 2 or more domain configurations)
There is no indication in the documentation that 2 or more domains can be configured:
https://enterprise.arcgis.com/en/portal/10.6/administer/windows/use-integrated-windows-authenticatio...

are 2 or more distinct domains not in the same forest

Can you tell us if this is possible?
thanks Angelo

 

ps 

0 Kudos
2 Replies
DeanMoiler
by
Occasional Contributor
‎10-07-2021 03:00 AM

Hi Angelo,

Not too long ago we had a similar situation with new partners operating with multiple forests trying to access the same portal

It was technically possible to configure, given there was appropriate trust being configured between the forest/domains and using the GC's in each, but Portal would constantly complain that this was not happy about it in the logs.

The documentation used to indicate as such, though it now appears to be missing, but this is what it said:

DeanMoiler_0-1633600486813.jpeg

Perhaps this is not the case any longer, but would be worth confirming with Esri.

When we did have it configured and working, after upgrading from 10.6.1 to 10.7.1 users in the forest for which the service account using in the Identity Store Configuration would one first load have a 60 second white screen delay when accessing the portal home page.

For this reason we migrated users to SAML and haven't looked back.

If your domains are in the same forest, I believe all they need is access to a global catalog to make IWA work.

Hope this helps!

Dean

 

0 Kudos
AngeloTroiano
by Esri Contributor
Esri Contributor
‎10-07-2021 03:20 AM

Hello Dean

thansk a lot for your support

best regards Angelo