Setting up your portal and federated server to use Windows accounts

This topic explains how you can allow users to log in to Portal for ArcGIS and your ArcGIS Server site using their Windows logins and passwords. This can be a convenient way to manage many portal users, because you don't have to manage different sets of logins. Users also like this approach because they don't have to remember a separate user name and password.

Logging in to the portal and server with Windows accounts is possible through Integrated Windows Authentication (IWA), a feature of the IIS web server. You'll perform several tasks in IIS Manager as you configure your portal and server to use IWA.

This topic describes how you can set up your portal to use IWA and federate an ArcGIS Server site with your portal. The required workflow has these general steps:

  1. Install Portal for ArcGIS and the ArcGIS Web Adaptor (IIS).
  2. Install ArcGIS Server.
  3. Configure your portal to use IWA.
  4. Federate your server with the portal.

Install Portal for ArcGIS and the ArcGIS Web Adaptor (IIS)

Follow the instructions in the help sections Installing Portal for ArcGIS and Configuring the Web Adaptor with Portal for ArcGIS.

Install ArcGIS for Server

Follow the instructions in the ArcGIS for Server (Windows) installation guide to install ArcGIS for Server. Use of a Web Adaptor with ArcGIS Server is optional.

Configure your portal to use IWA

Once your software is installed and authorized, you can configure your portal to use IWA. Follow all the steps in Using Integrated Windows Authentication with your portal. This takes you through the process of requiring HTTPS with your portal, setting up IWA, and designating a Windows account as an administrator for the portal.

To verify that you've configured IWA correctly, open the portal website from a Windows machine in your network. If IWA is configured properly, you will not see a Sign In link in the upper-right hand corner of the browser window. If you see a Sign In link in the upper-right hand corner, you either missed a step or need to troubleshoot further.

Federate your server with the portal

Once you've verified that IWA is working on your portal, you can federate your ArcGIS Server site with the portal.

If you have an existing ArcGIS Server site that is using IWA, you must disable IWA on the ArcGIS Server site before you can federate it with your portal. Follow the instructions in the following section to disable IWA on your server before proceeding. If your ArcGIS Server site is not already using IWA, you can skip this section.

Disable IWA on your ArcGIS Server site

It's possible that you have already been using IWA with ArcGIS Server and now want to use it with both your portal and the server. Although it may sound counterintuitive, you need to disable IWA on your ArcGIS Server site. This is necessary so that your site is free to federate with the portal and read the portal's users and roles from IWA.

Do the following to disable IWA on your existing ArcGIS Server site:

Steps:
  1. Log in to your ArcGIS Server web server and open Internet Information Services (IIS) Manager.
  2. In the IIS Connections panel, expand the tree, and click your Web Adaptor node.

    The Web Adaptor node will be arcgis if you accepted the default Web Adaptor name.

  3. Double-click Authentication.
  4. Click Windows Authentication and click Disable.
  5. Click Anonymous Authentication and click Enable.
  6. Close IIS Manager.

Federate your server

Follow the instructions in Federating an ArcGIS Server site with your portal, making sure that in Step 1 you choose HTTPS only. This is required with IWA.

After performing the above linked steps, you will have a portal and a server that are both drawing their users and roles from your network's list of Windows accounts. You set portal and server permissions for these users using the My Organization page of the portal website.

Once the ArcGIS Server site is federated with the portal, you must always open Server Manager using an HTTPS URL, such as https://gisserver.domain.com:6443/arcgis/manager. The federated server is using the same authentication method as your portal; therefore, you will be logged in to Manager using your Windows account.

The diagram below shows a federated portal and server architecture with IWA successfully configured.

Architecture for IWA on a federated server

5/5/2015