ArcGIS Online
Using the con terra Technologies Identity Service, map.apps can delegate the authentication of users to ArcGIS Online. This means that a user can log in to map.apps with an ArcGIS Online account. Groups and roles of the ArcGIS Online user are translated into roles for map.apps.
Connecting to ArcGIS Online creates the following possibilities:
- Assignment of roles for the use of map.apps Manager
- Protection of apps
- Protection of tools
- Use of non-public content such as webmaps or layers without re-registration (single sign-on)
Connecting to ArcGIS Online has the following limitations:
- Apps exported with the app export for native apps do not support the authentication. Apps with anonymous access are still supported.
Create connection between map.apps and ArcGIS Online
Connecting map.apps with ArcGIS Online is done in several steps.
Step 1: Install and configure the Identity Service
In this step you will install and configure the Identity Service as a separate web application. Follow these steps of the Identity Service documentation:
- Install the Identity Service.
- Connect the Identity Service to ArcGIS Online.
- If map.apps and Identity Service are not made available via the same hostname, adapt the configuration according to the documentation for operating different hostnames under one domain.
Step 2: Configure map.apps
To enable authentication delegation, add or replace the following parameters in the global configuration.
security.mode=IDENTITY
security.login.base=https://identityservice.example.com/identity
esri.api.arcgisPortalUrl=https://myorg.maps.arcgis.com
- security.mode: The IDENTITY value specifies that authentication should be delegated via the Identity Service.
- security.login.base: Base URL of the Identity Service.
- esri.api.arcgisPortalUrl: URL to the ArcGIS Online organization. The value must match the configuration for security.oauth.provider.arcgis.url in the Identity Service.
Allow App Overview only for logged in users
To allow only people with a valid login to access the map.apps app overview, set the following configuration:
# this is used to specify the protected resource paths (which require authentication before use)
# add '/,/*.html' to protect the index.html
security.application.protectedResources=/,/*.html
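The following Python sketch is an added example, not part of the map.apps or Identity Service documentation. It checks the Step 2 settings for consistency, including the requirement that esri.api.arcgisPortalUrl matches security.oauth.provider.arcgis.url. It assumes both configurations are available as plain key=value text; the function names, the sample values and the https check on security.login.base are assumptions introduced here.

```python
from urllib.parse import urlsplit

def parse_properties(text):
    """Parse simple key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def _norm(url):
    """Normalize a URL for comparison: lower-case host, ignore a trailing slash."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port, p.path.rstrip("/"))

def check_config(mapapps_text, identity_text):
    """Return a list of findings; an empty list means all checks passed."""
    ma, ids = parse_properties(mapapps_text), parse_properties(identity_text)
    findings = []
    if ma.get("security.mode") != "IDENTITY":
        findings.append("security.mode is not IDENTITY")
    # Assumption: requiring https here is an added hardening check, not a documented rule.
    if urlsplit(ma.get("security.login.base", "")).scheme != "https":
        findings.append("security.login.base is missing or not https")
    portal = ma.get("esri.api.arcgisPortalUrl", "")
    idp = ids.get("security.oauth.provider.arcgis.url", "")
    if not portal or not idp or _norm(portal) != _norm(idp):
        findings.append("esri.api.arcgisPortalUrl does not match security.oauth.provider.arcgis.url")
    resources = ma.get("security.application.protectedResources", "")
    protected = {item.strip() for item in resources.split(",")}
    if not {"/", "/*.html"} <= protected:
        findings.append("app overview is not protected (/,/*.html missing)")
    return findings

# Constructed sample input (values taken from the examples on this page).
MAPAPPS_OK = """\
security.mode=IDENTITY
security.login.base=https://identityservice.example.com/identity
esri.api.arcgisPortalUrl=https://myorg.maps.arcgis.com
security.application.protectedResources=/,/*.html
"""
IDENTITY_OK = "security.oauth.provider.arcgis.url=https://myorg.maps.arcgis.com/\n"
MAPAPPS_BAD = "security.login.base=http://identityservice.example.com/identity\nesri.api.arcgisPortalUrl=https://otherorg.maps.arcgis.com\n"

if __name__ == "__main__":
    print(check_config(MAPAPPS_OK, IDENTITY_OK))
    print(check_config(MAPAPPS_BAD, IDENTITY_OK))
```
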
Step 3: Customize role assignment
map.apps grants access to protected resources depending on roles to which a user is assigned. For example, only users assigned to the maAdmin role can access the map.apps Manager. Additionally, you can make the visibility of apps or tools dependent on specific roles.
The assignment of roles to users is performed by the Identity Service based on role and group assignments in ArcGIS Online. By default, the Identity Service is configured so that all administrators in ArcGIS Online receive the maAdmin role. These users can then also log in to the map.apps Manager and manage apps.
In the documentation on role assignment in the Identity Service, you can find more information about how the Identity Service translates roles and groups from ArcGIS Online into roles for accessing map.apps and how you can adapt the assignment to your requirements.
Configure your apps
To control access to an app, select the authorized roles in the settings in map.apps Manager.
If you want to display user profile information in an app, add the authentication bundle to that app.
This will also provide an option to log out.
Optionally, you can register each map.apps app in ArcGIS Online using the register app in ArcGIS function of the map.apps Manager.
This step adds the authentication and portal-app-security bundles to the app and adds necessary entries in the properties section to the app configuration.
Set additional sharing settings in the created item in ArcGIS Online to specify who is allowed to access the app.
These sharing settings only supplement the app-specific access settings made in map.apps.