Update Security Configuration

Description

This operation can be used to update the portal's security settings, such as whether or not enterprise accounts are automatically registered as members of your ArcGIS organization the first time they accesses the portal.

The security configuration is stored as a collection of properties in a JSON object. The following properties are supported:

The automatic account creation flag (enableAutomaticAccountCreation) determines the behavior for unregistered enterprise accounts the first time they access the portal. When the value for this property is set to false, first time users are not automatically registered as members of your ArcGIS organization, and have the same access privileges as other nonmembers. For these accounts to sign in, an administrator must register the enterprise accounts using the Create User operation.

The default value for the enableAutomaticAccountCreation property is false. When this value is set to true, portal will add enterprise accounts automatically as members of your ArcGIS organization.

NoteNote:

Be aware that when enableAutomaticAccountCreation is set to true, enterprise accounts are added as members of your organization not only when the user browses to your portal web site, but also when they view embedded web maps from your portal, or view a web map or web application from a link. This could result in a rapid increase in the number of accounts in your portal.

The disableServicesDirectory property controls whether the HTML pages of the services directory should be accessible to the users. The default value for this property is false, meaning the services directory HTML pages are accessible to everyone.

Use the defaultRoleForUser property to set which role the portal automatically assigns to new member accounts. By default, new accounts are assigned to account_user. Other possible values are account_publisher or the ID of one of the custom roles defined in the ArcGIS organization. To obtain the ID of a custom role,

  1. Log in to the portal sharing directory.
  2. Go to Portals > Self > Roles.
  3. Copy the custom role ID you want to use.

The allowedProxyHosts property restricts what hosts the portal can access directly. This restriction applies to several scenarios, including when the portal accesses resources from a server that does not support Cross Origin Resource Sharing (CORS) or when saving credentials used to access a secure service. By default, this property is not defined and no restrictions are applied. Define the allowedProxyHosts with a comma-separated list of hostnames to restrict the hosts the portal can access directly. Use the format (.*).domain.com to allow access to all machines within a specified domain.

Request Parameters

Parameter

Details

securityConfig

The JSON object containing the above listed properties.

Example Usage

https://server.domain.com/gis/portaladmin/security/config/update
securityConfig={"disableServicesDirectory":false,"enableAutomaticAccountCreation":true, "defaultRoleForUser": 12aBC3D4EF5ghIJ}

JSON Response Syntax

{
  "enableAutomaticAccountCreation": true|false,
  "disableServicesDirectory": true|false,
  "defaultRoleForUser": "account_user"|"account_publisher"|<custom role ID>
}

3/3/2017