Geocortex - Portal - Named User Levels?
Hi folks,
I'd love some confirmation please on how a Portal configured GCX site goes about consuming secured services?
We need to secure our map services from malicious attack, and from what I can tell - and having had discussions with our local Esri reps, if we go down the Portal route with Geocortex sites, we'd need Esri level 2 equivalent Named Users to consume (let alone edit) the secured map services?
The whole named user concept is proving rather challenging for us, and if we need a whole bunch of level 2 Named users just to access sites with secured services, the costs will blow out significantly from a non-portal enabled site config...
I'm wondering how other Geocortex people are progressing in this Esri world of Portal, and Named users - particularly with secure services?
Any feedback welcome.
Gareth
Gareth,
FWIW, I've got ArcGIS 10.6.1 Enterprise with the Server federated with Portal. We currently have a VERY small number of Level 2 NUAs and a "standard" allocation of Level 1 NUAs. We set up SAML logins in Portal to provide a single-sign-on experience for our users. On Server we are using https and permissions in Portal are set to either 'Everyone' or 'Enterprise' depending upon the map service.
Users log in via SAML to use the GCX viewer and none have issues connecting as Level 1. But... in reading your post you say "Portal configured GCX site". Does that mean that when you add a layer/map service to your viewer configuration you are connecting to Portal? Or do you connect to Server directly? I'm connecting to Server for the GCX viewers. Maybe that is the difference?
I've set up a few editors for end users to edit data from within GCX. Those users are all Level 1s as well.
Brian
Brian,
Thanks for the response...
I should mention that this is a proposed Geocortex configuration. We currently don't use Portal so I'm investigating what is required from a named user perspective when it comes to using Portal with GCX. I should also say that I'm still getting my head around the Portal security concepts and was assuming that I'd need a portal based URL for each GCX site so that I could lock them down at the Portal level, and not at the ArcGIS Server level?
I've spoken to our local GCX distributors and they are of the opinion that we only need level 1 NUs for GCX editing so what you're saying actually backs up their responses. We'd ideally like to tap into our SAML based KeyCloak application also for authentication/SSO but that is another matter.
It's good to hear from someone who has been through the process so I thank you again for providing your experiences...
regards
Gareth
Gareth,
I hope others comment to expand on their experiences for you. Regarding SAML--I had initially set up a couple of users in Portal using Integrated Windows Authentication (IWA) but found out here in the GC forum that SAML was the only way to provide a SSO experience. So I paused the project a bit while we got the SAML stuff worked out. There were a few steps in Portal to work through but it was fairly painless. I had our IT Network guru export me an initial csv file of users to inject into Portal. Now I just add new employees manually as they arrive and delete accounts as staff leaves. I think there is a way to automatically connect Windows logins with Portal so you don't need to manually add new staff but we don't have enough Level 1 accounts to accommodate all staff in the City. The saving grace there is that we have staff that don't need to use Portal/GC viewers, such as the Pool lifeguards. :) Still, I think it's a bit stupid to limit the number of Level 1 users for an on-premise installation. But let's not go there with this thread!
Hi Gareth,
We have token secured map and feature services with ArcGIS Enterprise 10.7. I can confirm that viewers can consume those services but creators are required to edit.

Regards,
Richard Webb
I can't resize above image.
Also worth noting we are not using AD, just built-in portal users.