A common workflow in distributed collaborations between ArcGIS Enterprise organizations is to share map, feature, and image services by reference. In these cases the data isn’t copied, but the service URL is made available to all Enterprise organizations participating in the collaboration. This allows it to be searched for and added to web maps and web apps. That’s great, but if the service is secured (not shared with everyone), users trying to access the service must provide credentials to view the data. These are not their own credentials but rather credentials for a user from the originating Enterprise organization. In many cases, this requires administrators to set up additional accounts and requires users to remember another set of credentials, which can be a lot of overhead. Many organizations asked for a way to make these shared services accessible without needing to provide credentials.
At 10.8 we added the ability to save Viewer credentials for all services shared by reference using distributed collaboration. While possible in 10.8, it was a bit difficult to find that resource in the REST API.
At 10.8.1 we added the option to make these changes from directly within the Enterprise portal. This means a user with the privilege ‘Collaborations’ can edit a collaboration workspace and enable or disable this feature. Let’s take a closer look.
In the example below, from within the Enterprise portal under Organization > Settings > Collaborations, a ‘Sharing_Services’ collaboration has already been established.
When I click on the Sharing_Services collaboration, I see the list of workspaces defined for the collaboration.
If I click on the workspace, information about the workspace is displayed including the new option to “Allow participants to view services without signing into this portal”. The new option is circled below.
Click on Edit to add, remove, or update these credentials.
The credentials entered here must belong to a member assigned a Viewer user type and the member must have access to the group associated with the workspace. If credentials are entered for a member with any other user type assigned or the member does not have access to the group, you will receive an error.
Once saved, these credentials are encrypted and used by the other participating Enterprise organizations. Any existing services that have already been shared with collaboration groups will be updated with the credentials and any new service shared will have the credentials saved by default. When a user accesses the shared services in one of the recipient Enterprise organizations, they will no longer be asked to provide credentials, providing a seamless experience.
If the credentials are removed from the workspace, the existing services will be updated and restored to the original urls. A user that accesses the shared service from a recipient Enterprise organization will be required to enter credentials to view the service.
There are a few things to remember:
- This ability to save Viewer credentials is only available in Enterprise to Enterprise collaborations. It is not available when collaborating with ArcGIS Online.
- Since these saved credentials are for a member with the Viewer role, it is not possible to perform any edits on shared feature services, as Viewers only have privileges to view content, not edit.
- This feature is available in ArcGIS Enterprise release 10.8 and later. Any participating Enterprise organizations with earlier releases will not be able to take advantage of this.
More information is available in the ArcGIS Enterprise help documentation including details on how to add the Viewer credentials to a workspace as a collaboration host or as a collaboration guest.
Article Discussion: