ArcGIS Enterprise has many configurable options and capabilities to meet stringent security requirements. These capabilities are described on this page. In addition, see the Best Practices section for a general list of recommended steps to consider when deploying ArcGIS Enterprise in an environment.
For related documents such as presentations about "Designing a Web GIS Security Strategy", see Documents.
Configure users and roles for your ArcGIS Enterprise implementation in a way that aligns with organizational policies and minimizes administrative burden. Additional guidance is available in Configuring ArcGIS Enterprise Security.
- Administrators - Full admin control
- Publishers - Publish web services
- Users - View web services
- Identity Store
- Built-in ArcGIS Server user store (default) - Manage users and roles in built-in store
- Enterprise Identity Store (an organization's existing Active Directory or LDAP) - Leverage users and roles from an enterprise store
- Mixed Mode - Users from the enterprise Identity Store and roles managed in ArcGIS Server built-in store
- Portal and ArcGIS Server federation
- In a federated configuration, Portal for ArcGIS serves as a configurable front-end for ArcGIS Server and is responsible for authentication of end users. As such, Enterprise Logins using SAML 2.0 Web Single Sign-On can be leveraged in versions 10.3 and later.
- Deploy ArcGIS Enterprise within your organization and benefit from existing enterprise security infrastructure such as firewalls, anti-virus, intrusion detection system and/or security information and event management system. Refer to guidance regarding best practices for configuring a secure ArcGIS Server environment and Security best practices for Portal for ArcGIS.
- Deploy ArcGIS Enterprise into a public or private cloud of choice and manage all associated infrastructure. Benefit from cloud scaling capabilities.
- Cloud (Esri Managed)
- Deploy ArcGIS Enterprise into the cloud and have your GIS as well as associated infrastructure (such as database) managed by Esri Managed Services.
- Esri Managed Cloud Services Advanced Plus
- For higher security needs, EMCS Advanced Plus is now available where ArcGIS Enterprise is deployed in the cloud. Notably, EMCS Advanced Plus has several key security benefits to align with stringent FedRAMP Moderate security standards. These benefits include: a fully hardened environment, Intrusion Detection System (IDS), Security Information and Event Management (SIEM), vulnerability scanning, real-time network analysis for threats, performance monitoring, log management, 24/7 monitoring for threats and a mature backup strategy.