About configuring portal authentication

The primary factor that decides how you configure security in your Portal for ArcGIS deployment is the source of users for your portal. This source of users is called your identity provider. The portal can be used to share content with users within your organization or with users external to your organization.

If the people accessing your portal are in your organization, typically you configure the portal to use the same accounts you use in your organization to log into the network and computers. These accounts can be stored in an LDAP server or an Active Directory server and are called enterprise users.

If people outside your organization (in other words, people who don't have access to your network) will access your portal, you can create accounts within the portal for their use. These are referred to as built-in users.

Once you know which identity provider you will use, you need to decide how people will authenticate, or prove they are who they say they are. For built-in users, authentication is always done by Portal for ArcGIS, and no additional decision needs to be made. For enterprise users, authentication must be done by the web server where your ArcGIS Web Adaptor is hosted.

The following are common choices for authentication: HTTP authentication, Windows authentication, and client certificates (which are part of a public key infrastructure). HTTP authentication and Windows authentication have a similar user experience in that they both require a user name and password and are often used together. Client certificates are used in a public key infrastructure (PKI) environment, where users typically authenticate by inserting a card into their computer and entering a personal identification number.

No steps are necessary to configure the portal for use with built-in users; the portal is ready for built-in users immediately after installing the software. If you are using enterprise users, see the following sections and their related links for more information.

Integrated Windows Authentication

If your portal is running on a Windows server and you have a Windows Active Directory configured, you can use Integrated Windows Authentication to connect to your portal. To use Windows authentication, your Web Adaptor must be deployed to Microsoft's IIS web server.

Lightweight Directory Access Protocol (LDAP)

If you have an LDAP directory, you can use it with Portal for ArcGIS. See Using your portal with LDAP and web-tier authentication for more information. If you want to use LDAP users, your Web Adaptor must be deployed to a Java application server such as Apache Tomcat, IBM WebSphere, or Oracle WebLogic.

Public key infrastructure authentication

If your organization has a PKI, you can use certificates to authenticate communication with your portal using the Secure Sockets Layer (SSL) protocol. When authenticating users, you have the option to use Windows Active Directory or Lightweight Directory Access Protocol (LDAP). To use Windows authentication, your Web Adaptor must be deployed to Microsoft's IIS web server. To use LDAP, your Web Adaptor must be deployed to a Java application server such as Apache Tomcat, IBM WebSphere, or Oracle WebLogic.

5/5/2015