Connect to secure services

Services you add from the web or your hosted web layers may be secure. Anyone connecting to a map or app that contains these services or layers must have permission to use them. To avoid access problems, you can add the secure services to your portal as items, grant specific groups in your organization access to the service items, and use the URLs of those service items in your maps and apps.

Import the server certificate from an external organization

Before you can connect to the secure service, you must configure the portal to trust the server certificate from the external organization where the service originates. For example, when you add a secure service from an external ArcGIS Server site, you must import that site's certificate into the portal. This establishes a trust relationship between the site and the portal, allowing you access to the service.

Add the service to the portal

Add the secure service or web layer to the portal. If prompted, store the credentials needed to connect to the service.

  1. Verify that you are signed in and have the privilege to create, update, and delete content.
  2. On the My content tab of the content page, click New item.
  3. Choose URL.
  4. Type or paste the REST URL of the secure service in the URL field.
  5. If the portal did not detect what service type is being added, use the Type drop-down list to choose the correct service type.
  6. Enable the toggle button next to Store credentials with service item. Do not prompt for authentication.
  7. Optionally, add custom parameters to the service.
  8. Click Next.

    You are prompted to supply the credentials for the secure service.

  9. Type the user name and password to access the secure service and click OK.
  10. The service title is automatically populated with the name of the service.
  11. Choose a folder in My content where you want to save the item.

    Alternatively, you can choose Create new folder from the menu and type a folder name to save the item in a new folder.

  12. Optionally, type tags that describe the item.

    Separate the terms with commas (for example, Federal land is considered one tag, and Federal, land is considered two tags).

    As you type, you can select any of the suggested tags that appear; suggestions are generated from tags you previously added.

  13. The Summary field is populated if the service has a summary.
  14. If the service does not have a summary, provide a summary that describes the service item.
  15. If your administrator has configured a classification schema, classify the item as needed under Classification.

    If your administrator has defined a schema help document, you can access it by clicking Information Information at the top of the classification form. Refer to this document for details about the classification options.

    Note:

    Classifying an item does not restrict access to it. The classification you assign to the item, which appears on the item page, provides a visual indication of the extent of security and safeguarding it warrants and can help organization members identify the correct way to interact with it. You need to set the appropriate sharing level to restrict access to the item.

  16. Click Save.

The service is added as an item to your content page.

Repeat these steps for each secure service you want to use in your portal.

Share the service with a group

It is recommended that you create a group to share the service item with, and limit the group to the members of the organization who you want to access your secure service.

  1. On the My content tab of the content page, check the box next to the title of the secure service item.
  2. Click Share.

    The Share window appears.

  3. Check the box next to the group with which you want to share the service item and click OK.

    The content page shows the service is shared with a group.

Use the REST URL of the service item in maps that contain secure services

Use the REST URLs of the service items instead of the secure service URLs in your map or app so that users connecting to the map or app don't have to provide credentials to connect to every service.