When you first install Portal for ArcGIS and configure the ArcGIS Web Adaptor with your portal, you will find the following:
- The URL to the portal is only known to the administrator who set up the Portal for ArcGIS deployment.
- Portal for ArcGIS initially has only one account, the initial administrator account you specified when you first logged in to the portal website. This is not an operating system account; it's an account that is used only for logging in to the portal.
- Administrator credentials are secured using HTTPS through the web server hosting the Web Adaptor.
- All administration operations are initially secure and can only be performed by the administrator account.
These settings are only sufficient for the initial testing and development of your Portal for ArcGIS deployment. In a production environment, you will want to configure your portal's security further. The topics in this help book describe how to do the following:
- Limit who can access your portal and use items and services
- Control who can administer the portal and publish items and services
- Encrypt communication with your portal
To learn more about how to secure your portal, see About configuring portal authentication to get started.
To reduce the vulnerability of your portal, you should follow best practices such as disabling anonymous access to the portal. Some of these recommendations are outlined in Security best practices.