You can allow users to log in to Portal for ArcGIS and your ArcGIS Server site using their Windows logins and passwords. This can be a convenient way to manage many portal users, because you don't have to manage different sets of logins. Users also like this approach because they don't have to remember a separate user name and password.
Logging in to the portal and server with Windows accounts is possible through Integrated Windows Authentication (IWA), a feature of the IIS web server. You'll perform several tasks in IIS Manager as you configure your portal and server to use IWA.
This topic describes how you can set up your portal to use IWA and federate an ArcGIS Server site with your portal. The required workflow has these general steps:
- Install Portal for ArcGIS and ArcGIS Web Adaptor (IIS).
- Install ArcGIS Server.
- Configure your portal to use IWA.
- Federate your server with the portal.
Install Portal for ArcGIS and ArcGIS Web Adaptor (IIS)
Follow the instructions in the help sections Installing Portal for ArcGIS and Configuring the Web Adaptor with Portal for ArcGIS.
Install ArcGIS Server and ArcGIS Web Adaptor (IIS)
Follow the instructions in the ArcGIS Server (Windows) installation guide to install ArcGIS Server. Once installation is complete, ensure that the security configuration is set to use ArcGIS Server built-in users and roles. This is required for federation. The web adaptor for ArcGIS Server can be updated to use the same authentication as the portal web adaptor (IWA or PKI client certificate authentication).
Configure your portal to use IWA
Once your software is installed and authorized, you can configure your portal to use IWA. Follow the steps in Using Integrated Windows Authentication with your portal. This takes you through the process of setting up IWA and designating a Windows account as an administrator for the portal.
To verify that you've configured IWA correctly, open the portal website from a Windows machine in your network. If IWA is configured properly, you will not see a Sign In link in the upper right-hand corner of the browser window. If you see a Sign In link there, you either missed a step or need to troubleshoot further.
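The browser check above can be backed by a scripted check run on the web adaptor machine. The following PowerShell is an added example, not part of the Esri documentation: it reads the IIS authentication settings of the portal web adaptor application and compares an anonymous request with one made as the current Windows user. The IIS location `Default Web Site/arcgis` and the URL `https://portal.example.com/arcgis/home/` are assumed placeholders, and the check assumes the linked IWA steps leave Windows Authentication enabled and Anonymous Authentication disabled on that application.

```powershell
# Added example. The IIS location and portal URL are assumed placeholders;
# replace them with the values used in your deployment.
Import-Module WebAdministration

$Location  = 'Default Web Site/arcgis'                  # assumed site/application of the portal web adaptor
$PortalUrl = 'https://portal.example.com/arcgis/home/'  # assumed portal website URL

function Get-IisAuthState {
    # Returns the 'enabled' flag of Windows and Anonymous authentication for one IIS location.
    param([string]$Location)
    $state = [ordered]@{}
    foreach ($mode in 'windowsAuthentication', 'anonymousAuthentication') {
        $filter = "/system.webServer/security/authentication/$mode"
        $state[$mode] = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
                            -Filter $filter -Name 'enabled').Value
    }
    [pscustomobject]$state
}

function Get-HttpStatus {
    # Returns the final HTTP status code, with or without the caller's Windows credentials.
    param([string]$Url, [switch]$AsCurrentUser)
    try {
        $response = Invoke-WebRequest -Uri $Url -UseBasicParsing -UseDefaultCredentials:$AsCurrentUser
        [int]$response.StatusCode
    }
    catch {
        # Non-success responses (such as an authentication challenge) surface as exceptions.
        if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode }
        else { throw }   # DNS, TLS or connection failure: no HTTP response to inspect
    }
}

$iis = Get-IisAuthState -Location $Location
[pscustomobject]@{
    WindowsAuthEnabled   = $iis.windowsAuthentication
    AnonymousAuthEnabled = $iis.anonymousAuthentication
    AnonymousStatus      = Get-HttpStatus -Url $PortalUrl
    CurrentUserStatus    = Get-HttpStatus -Url $PortalUrl -AsCurrentUser
}
```

Under the stated assumptions, a correctly configured web adaptor reports Windows authentication as enabled and anonymous authentication as disabled, refuses the anonymous request with 401, and answers the request made as the current Windows user with 200. A 200 on the anonymous request means IIS is still serving the portal without requiring a Windows identity.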
Federate your server with the portal
Once you've verified that IWA or PKI client certificate authentication is working on your portal, you can federate your ArcGIS Server site with the portal.
If you have an existing ArcGIS Server site that is using IWA, you must configure the user store and role store to be built-in on the ArcGIS Server site before you can federate it with your portal. The web adaptor for ArcGIS Server can remain configured with Windows authentication.
Federate your server
Follow the instructions in Federating an ArcGIS Server site with your portal, making sure that in step 1 you choose HTTPS only. This is required with IWA.
After completing the steps linked above, you will have a portal and a server that are drawing their users and roles from your network's list of Windows accounts. You set portal and server permissions for these users using the Organization page of the portal website.
Once the ArcGIS Server site is federated with the portal, you must always open Server Manager using an HTTPS URL, such as https://gisserver.domain.com:6443/arcgis/manager. The federated server is using the same authentication method as your portal; therefore, you will be logged in to Manager using your Windows account.
The diagram below shows a federated portal and server architecture with IWA successfully configured.