Skip To Content

Configuring ArcGIS Server's authentication tier

In this topic

Authentication is the process of verifying the identity of a user. In ArcGIS Server, this can be done by using either ArcGIS token-based authentication or web-tier authentication.

ArcGIS Server authentication

When authentication is done at the GIS server tier, users are authenticated using Esri's proprietary ArcGIS token-based authentication mechanism. ArcGIS Server authentication is the most common method used when GIS web services are primarily consumed by client applications. For information on how ArcGIS token-based authentication works, see About ArcGIS tokens.

Web-tier authentication

If you have Windows Active Directory, you can use Integrated Windows Authentication to connect to ArcGIS Server. This enables an automatic or single-sign on experience for users of the site through web-tier authentication. To use Integrated Windows Authentication, you must use ArcGIS Web Adaptor (IIS) deployed to Microsoft's IIS web server. You cannot use ArcGIS Web Adaptor (Java Platform) to perform Integrated Windows Authentication.

If you have an LDAP directory, you can use it with ArcGIS Server. To use LDAP, you must deploy your Web Adaptor to a Java application server such as Apache Tomcat, IBM WebSphere, or Oracle WebLogic. You cannot use ArcGIS Web Adaptor (IIS) to perform web-tier authentication with LDAP.

If your organization has PKI, you can use certificates to authenticate communication with your server using the Secure Socket Layer (SSL) protocol. When authenticating users, you have the option to use Windows Active Directory or Lightweight Directory Access Protocol (LDAP). To use Windows authentication, your Web Adaptor must be deployed to Microsoft 's IIS web server. To use LDAP, your Web Adaptor must be deployed to a Java application server such as Apache Tomcat, IBM WebSphere, or Oracle WebLogic. It is not possible to enable anonymous access to your site when using PKI.

Note:

When configuring the Web Adaptor, you must enable administration through the Web Adaptor. This allows users in your enterprise identity store to publish services from ArcGIS for Desktop. When the users in these roles connect to the server in ArcGIS for Desktop, they must specify the Web Adaptor URL.