Open topic with navigation
Security providers store and manage the users and roles that are used for security. Security providers may also provide the web page where users sign in.
The security providers that you use depend on your IT infrastructure and business needs. Different security providers are appropriate in different circumstances.
Essentials supports the following security providers:
Anonymous Access: Anonymous access gives users access to the site without being authenticated.
Windows Integrated(Integrated Windows Authentication): Integrated Windows Authentication (IWA) uses Windows users and roles. If you use Active Directory with IWA, Essentials automatically uses the Active Directory users and roles.
Geocortex Identity Server: Geocortex Identity Server uses dedicated security software that is installed with Essentials. By default, Identity Server uses the membership and role providers that ship with Essentials. You can adapt Identity Server to use any ASP.NET-compatible membership and role providers. You can also adapt Identity Server to use legacy (Essentials 3.x) XML providers.
ArcGIS: The ArcGIS security provider uses Portal for ArcGIS or ArcGIS Online to perform authentication.
You can use multiple security providers. You can also create custom security providers.
Example: Windows Authentication and Identity Server
This example uses two security providers: the Windows Integrated security provider and Geocortex Identity Server.
Your company has Essentials sites that employees use regularly. In addition, the company sometimes hires outside contractors who need to access one or more of the sites. Essentials is secured. You use Integrated Windows Authentication to authenticate employees, and Geocortex Identity Server to authenticate contractors. Windows Authentication and Geocortex Identity Server are the only security providers that you use.
When a contractor is hired, you create a Geocortex Identity Server user for the contractor and apply permissions to the user. You change the security provider's name to Contractors, and then give the credentials to the contractor with instructions to sign in using Geocortex Identity Server.
When the contractor launches the viewer, the contractor is presented with a list of the enabled security providers, in this case, Geocortex Identity Server and Windows Integrated (shown below). The contractor selects Geocortex Identity Server. This opens the Identity Server sign-in dialog box and performs the authentication using Identity Server.
When employees launch the viewer, they select Windows Integrated. This authenticates them using Windows users and roles.
Sign-in page where the end user selects the security provider to sign in with
You must enable each security provider that you want to use to secure sites. Disable the providers that you do not use. The Windows Integrated and Anonymous Access security providers are enabled by default.
Having one or more security providers enabled does not secure your sites. You must also configure permissions.
To enable or disable a security provider:
To enable a security provider, select the Allow checkbox beside the security provider.
To disable a security provider, clear the Allow checkbox beside the security provider.
Checkboxes to enable and disable security providers
Click Apply Details.
If you use more than one security provider, end users select which security provider to sign in with. Editing a security provider enables you to change the security provider's name to something that is meaningful to end users. Note that you cannot change the name of the Anonymous Access security provider. End users never see this name, so there is no reason to change it.
Security providers have settings for the duration of security tokens: Access Token Duration and Refresh Token Duration. The default values for these settings are appropriate for most circumstances. Do not change these settings without first contacting Geocortex Support to discuss your needs. Make sure that you have adequate Support hours available.
To change a security provider's name:
Click the Edit icon beside the security provider that you want to configure.
In the Display Name box, enter a name that is meaningful to end users.
Click Apply Details.