Zum Hauptinhalt gehen

Geocortex - Portal - Named User Levels?

Permanently deleted user

Hi folks, 

I'd love some confirmation please on how a Portal configured GCX site goes about consuming secured services?

 

We need to secure our map services from malicious attack, and from what I can tell - and having had discussions with our local Esri reps, if we go down the Portal route with Geocortex sites, we'd need Esri level 2 equivalent Named Users to consume (let alone edit) the secured map services?

 

The whole named user concept is proving rather challenging for us, and if we need a whole bunch of level 2 Named users just to access sites with secured services, the costs will blowout significantly from a non-portal enabled site config... 

 

I'm wondering how other Geocortex people are progressing in this Esri world of Portal, and Named users - particularly with secure services?

 

any feedback welcome

 

Gareth
0

Kommentare

5 Kommentare

Datum Stimmen
  • Brian Oevermann
    Gareth,

     

    FWIW, I've got ArcGIS 10.6.1 Enterprise with the Server federated with Portal. We currently have a VERY small number of Level 2 NUAs and a "standard" allocation of Level 1 NUAs. We set up SAML logins in Portal to provide a single-sign-on experience for our users. On Server we are using https and permissions in Portal are set to either 'Everyone' or 'Enterprise' depending upon the map service.

     

    Users log in via SAML to use the GCX viewer and none have issues connecting as Level 1. But... in reading your post you say "Portal configured GCX site". Does that mean that when you add a layer/map service to your viewer configuration you are connecting to Portal? Or do you connect to Server directly? I'm connecting to Server for the GCX viewers. Maybe that is the difference?

     

    I've set up a few editors for end users to edit data from within GCX. Those users are all Level 1s as well.

     

    Brian
    0
  • Permanently deleted user
    Brian,

     

    Thanks for the response...

     

    I should mention that this is a proposed Geocortex configuration. We currently don't use Portal so I'm investigating what is required from a named user perspective when it comes to using Portal with GCX. I should also say that I'm still getting my head around the Portal security concepts and was assuming that I'd need a portal based URL for each GCX site so as that I could lock them down at the Portal level, and not at the ArcGIS Server level?

     

    I've spoken to our local GCX distributors and they are of the opinion that we only need level 1 NUs for GCX editing so what you're saying actually backs up their responses. We'd ideally like to tap into our SAML based KeyCloak application also for authentication/SSO but that is another matter. 

     

    It's good to hear from someone who has been through the process so I thank you again for providing your experiences...

     

    regards

     

    Gareth

     

     
    0
  • Brian Oevermann
    Gareth,

     

    I hope others comment to expand on their experiences for you. Regarding SAML--I had initially set up a couple of users in Portal using Integrated Windows Authentication (IWA) but found out here in the GC forum that SAML was the only way to provide a SSO experience. So I paused the project a bit while we got the SAML stuff worked out. There were a few steps in Portal to work through but it was fairly painless. I had our IT Network guru export me an initial csv file of users to inject into Portal. Now I just add new employees manually as they arrive and delete accounts as staff leaves. I think there is a way to automatically connect Windows logins with Portal so you don't need to manually add new staff but we don't have enough Level 1 accounts to accommodate all staff in the City. The saving grace there is that we have staff that don't need to use Portal/GC viewers, such as the Pool lifeguards. :) Still, I think it's a bit stupid to limit the number of Level 1 users for an on-premise installation. But let's not go there with this thread!

     

     
    0
  • Richard Webb
    Hi Gareth,

     

    We have token secured map and feature services with ArcGIS Enterprise 10.7.

     

    I can confirm that viewers can consume those services but creators are required

     

    to edit.

     

    User-added image

     

    User-added image

     

    Regards,

     

    Richard Webb
    0
  • Richard Webb
    I can't resize above image.

     

    Also worth noting we are not using AD just built in portal users.

     

    User-added image

     

    User-added image
    0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.

Sie haben nicht gefunden, wonach Sie suchten?

Neuer Post