Federate a server site

The federation process links an ArcGIS Server site with ArcGIS Enterprise to extend the capabilities of your organization and to automatically share the server site's content with it.

In ArcGIS Enterprise on Kubernetes, the federation process is optional. It allows you to connect additional server sites that are running on Windows and Linux machines and work with their services in your organization. At this release, you can federate these types of Windows- and Linux-based servers with ArcGIS Enterprise on Kubernetes:

  • ArcGIS GIS Server
  • ArcGIS Image Server
  • ArcGIS Workflow Manager Server

Dive-in:

ArcGIS Enterprise on Kubernetes has its own services architecture based on Kubernetes pods and includes a hosting server. Once you've deployed ArcGIS Enterprise on Kubernetes, you can immediately begin publishing services, creating hosted layers, and running analysis workflows in Map Viewer.

For steps to federate a server with your organization, see Configure servers.

Note:

After conducting steps to federate a server site, some licensed server roles require you to additionally specify a server function from ArcGIS Enterprise Administrator API. As of 11.2, this requirement only applies to ArcGIS Workflow Manager Server sites. See Update (Server).

Services that exist on the ArcGIS Server site at the time of federation are automatically added as items to your organization, as are all services that are published to the server site in the future. These items are owned by the administrator who performs federation. After federation, the administrator can reassign ownership of these items to existing members. Any subsequent items you publish to the federated server are automatically added as items and are owned by the user who publishes them.

When you federate a server, the portal's security store controls all access to the server. This provides a convenient sign-in experience but also impacts how you access and administer the federated server. For example, when you federate a server, all users, roles, and permissions that you previously configured on ArcGIS Server services are no longer valid. Access to services is instead determined by organization members, roles, and sharing permissions.

The server site you federate should use a CA-signed certificate rather than a self-signed certificate.

Note:

Retired software versions are not guaranteed to be compatible with new versions. When federating supported server sites at prior versions, the version must be supported per the product life cycle policy to receive technical support.

Fine-grained access control of federated servers

You can update a federated server to restrict publishing and administrative access. Once updated, all organization administrators will still have administrative privileges on the server. Organization members with publisher privileges will not be granted publishing access to the server by default. Instead, publisher access to the server is controlled by a group named [federated server name]_Publishers or the item [federated server name]_Publishers. To gain publisher privileges to the server, the organization member must be either a member of the [federated server name]_Publishers group or a member of a group that the [federated server name]_Publishers item has been shared with. Likewise, additional administrative access to the server is controlled by a group named [federated server name]_Administrators or the item [federated server name]_Administrators. An organization member must be either a member of this group or a member of the group that the item has been shared with to gain administrative access to the server.

Fine-grained access control is configured in the ArcGIS Enterprise Administrator API. Once you have federated a server with your organization, follow the steps below to update the server to enable this control.

  1. Sign in to the ArcGIS Enterprise Administrator API as an organization member with administrative privileges.

    The URL is in the format https://organization.domain.com/context/admin.

  2. Click Organizations > Organization ID.
  3. Click Federation > Servers and click the server you want to edit.
  4. Click Update.
  5. From the Server role drop-down menu, choose Federated Server With Restricted Publishing.
  6. Click Update Server.

    You will now see the [federated server name]_Administrators and [federated server name]_Publishers groups as well as the corresponding items on the My Content page. These will be owned by the organization member who updated the server.