1 / 14

Using Enterprise Logins in Portal for ArcGIS via SAML

Using Enterprise Logins in Portal for ArcGIS via SAML. Greg Ponto & Tom Shippee. Session Agenda. What we will cover…. Introduction to SAML Configuring SAML use case Final thoughts…. What is…. The Holy Grail for Security?. Why is single sign-on (SSO) so important?. Everyone benefits…!.

ericagomez
Download Presentation

Using Enterprise Logins in Portal for ArcGIS via SAML

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Using Enterprise Logins in Portal for ArcGIS via SAML Greg Ponto & Tom Shippee

  2. Session Agenda What we will cover… • Introduction to SAML • Configuring SAML use case • Final thoughts…

  3. What is… The Holy Grail for Security?

  4. Why is single sign-on (SSO) so important? Everyone benefits…! • Administrators: • One set of users to manage • More robust security • Users: • One set of credentials to remember • Single sign-on experience • Developers: • Don’t have to reinvent security • Leverage more advanced security options

  5. Where does SAML fit into the SSO story? • Enables… • Remote WAN authentication via HTTP • Users can come from a variety of enterprise stores • It is the Security Assertion Markup Language • Not a specific solution • Provides a framework for remote authentication • Highly flexible – works with a wide variety of apps • Popular • Lots of SAML solutions out there • Expanding security framework

  6. Citizens SAML use cases for ArcGIS portals Leveraging enterprise users via HTTP authentication… • ArcGIS Online • Leverage existing enterprise user account in the cloud. • Only single sign-on option • Portal for ArcGIS • Allow both enterprise (staff) and built-in access (vendors) • Provide access for users from multiple domains in an AD forest Anonymous Portal for ArcGIS Built-in accounts + SAML Enterprise Vendors Windows AD Employees

  7. How does SAML authentication work? Who are the players and how do they interact? • Service Provider (SP): Secured application (e.g., Portal for ArcGIS) • Identity Provider (IdP): Authentication app (e.g., AD FS) • User: Needs to gain application access 1) Initial service request 3) IdP authentication ArcGIS Server 2) Redirect to IdP 4) Return SAML token 5) SAML token allows access User Application SP ArcGIS Online Portal for ArcGIS SAML IdP AD FS

  8. How is SAML configured? You must establish a trust… • Get Service Provider Metadata from Portal • Configure IdP to Trust Portal • Get Federation Metadata from IdP • Configure Portal to Trust IdP • Define enterprise admin SP Metadata IdP FederationMetadata Administrator Application SP Portal for ArcGIS SAML IdP AD FS

  9. Demo Configure SAML in Portal for ArcGIS

  10. Security best practices & tips Important details that close security holes… • Portal settings to enable or disable… • SSL only • Anonymous access • Auto account creation from enterprise login • Create built-in accounts at login • Admin user accounts • Remove or demote portal admin account • Add other built-in accounts (customers/vendors)

  11. Getting outside help… When should you call Esri Professional Services…? Get It Done Right with Esri Professional Services • Security Architecture Services • Review • Guidance • Optimization • Contact the Security Standards & Architecture team • SecureSoftwareServices@Esri.com for more info

  12. Thank you… • Please fill out the session survey in your mobile app • Select Technical Workshop in the Mobile App • Use the Search Feature to quickly find this title or presenter name • Click “Technical Workshop Survey” • Answer a few short questions and enter any comments

  13. Other security sessions to checkout… • Enterprise GIS: Security Strategy • Thursday, 23 Jul 2015, 3:15pm - 4:30pm - Location: Ballroom 06 E • ArcGIS Server and Portal for ArcGIS: An Introduction to Security • Thursday, 23 Jul 2015, 1:30pm - 2:45pm - Location: Room 04 • ArcGIS Server: Advanced Security • Wednesday, 22 Jul 2015, 3:15pm - 4:30pm - Location: Room 03 • Thursday, 23 Jul 2015, 3:15pm - 4:30pm - Location: Room 04 • ArcGIS Online: A Security, Privacy, and Compliance Overview • Wednesday, 22 Jul 2015, 10:15am - 11:30am - Location: Room 17 B Questions?

More Related