Configure Security

<< Click to Display Table of Contents >>

Navigation:  »No topics above this level«

Configure Security

Previous pageReturn to chapter overviewNext page

Access to your VertiGIS Studio Analytics instance is enabled and controlled by security providers and groups. A security provider for Analytics is a service or group of services that work together to provide authentication.

By default, the security provider is Microsoft Windows. It is possible to configure Analytics so that users can use their ArcGIS Online (AGOL) or Portal for ArcGIS credentials to connect. As an administrator, you can configure the user’s level of permissions based on which groups they are in. This allows for two methods to configure security to Analytics:

 

Configure with Windows (default method).

Access to Analytics is granted based on Windows authentication.

Members of select local groups get either viewer or admin access. Optionally, you can assign viewer/admin rights to members of domain groups.

Configure with ArcGIS Online / Portal for ArcGIS

Configure a security provider (AGOL or Portal).

For that provider, add a group and assign viewer/admin rights.

 

Note that only administrators can configure security in Analytics.

Windows is added automatically as a provider and cannot be removed.

 

One reason for using an alternate security provider is for ease of maintenance. For instance, you can create an Analytics Admins and Analytics Viewers group in your Portal (or AGOL) and configure them to have admin and viewer privileges in Analytics. That allows you to manage your users in one place. When a new employee starts, you can add them to Portal (or AGOL) and put them in either group. This allows appropriate access to Analytics without having to configure anything for that user within Analytics.

Another reason to use AGOL or Portal as a security provider is to separate user admin duties away from the IT system administrator and place them under the GIS administrator’s purview.

 

Use Windows for Security

There are two methods for using Windows as a security provider for Analytics:

Use domain groups.

Use local groups.

 

Use Domain Groups for Security

In this method, you can create new groups in Analytics and add domain groups to them. You can configure the new groups to have either viewer or admin rights.

 

How to use domain groups for security:

1.In Configured Groups and Permissions section, click Add Group.

2.In the Provider dropdown, select Windows and click Next.

3.Enter the domain group in the Windows Group Name field. The format should be like DOMAIN\group.

4.Select either Viewer or Admin in the Permissions dropdown. Click Finish.

 

Use Local Groups for Security

The installation of Analytics creates two local groups: Analytics Admins and Analytics Viewers. They are added to the Hub server with appropriate permissions.

The default security provider is Microsoft Windows, and has three associated local groups:

1.Windows Administrators - Admin-level permissions to Analytics.

2.Analytics Admins - Admin-level permissions to Analytics.

3.Analytics Viewers - Viewer-level permissions to Analytics.

 

You can see these groups under Settings > Security > Configured Groups and Permissions.

config group and permissions

 

How to use local groups for security:

1.From the server running Analytics and while logged in with Administrator privileges, open Computer Management.

2.Open Local Users and Groups > Groups.

3.Add users to their respective groups, either Analytics Viewers or Analytics Admins to grant them permissions.
 
computer management

 

 

 

Use AGOL/Portal for Security

 

There are two steps to use AGOL/Portal for security:

1.Add the security provider for either ArcGIS Online or Portal.

2.Add a new group and configure permissions.

 

How to add AGOL/Portal as a security provider:

1.In Settings > Security > Configured Providers, click Add Provider.

2.In the Add Security Provider page, select either ArcGIS Online or Portal for ArcGIS in the Provider Type dropdown and click Next.

3.Enter the ArcGIS Online Organization/Portal URL, App ID, and App Secret. See Add an App in Portal and ArcGIS Online for detailed instructions for adding an app and to acquire an App ID and App Secret.

4.Optionally, enter the Backend URL if the portal uses Integrated Windows Authentication (IWA). To use a portal with IWA, the backend URL must be accessible by the Analytics Hub server. The Backend URL is equivalent to the Admin URL found in the Portal Administrator Directory > Home > Machines > Portal_domain_name.
 
portal-admin

5.The Redirect URI field automatically populates and is used by the security provider to navigate to the sign in page. It is also used when configuring an app. Using the copy icon, copy the Redirect URI to use when adding an App in Portal or ArcGIS Online.

6.Click Next to continue.

7.AGOL/Portal will prompt you to sign in to verify that you are a member of the organization, and that Analytics can use the sign in without any issues.

8.After logging on to AGOL/Portal, enter a Display Name for this provider and click Finish. The Display Name is shown on the Analytics sign in page and used in the list of providers that can be edited or deleted.

9.Verify the addition of the provider in the Configured Providers table.

 

 

How to modify a provider:

1.In Configured Providers, click the edit icon VSS_clip0001.

2.Click the Provider field to edit the display name of the provider.

3.Click the Display Order field or the up/down arrows to change the display order. The Display Order value controls the order of the provider button(s) on the sign in page.

4.Click the check icon VSS_clip0002 to save changes.

5.(optional) Click the cancel icon VSS_clip0003 to cancel the edit operation.

6.(optional) Click the trash icon VSS_clip0004 to delete the provider.

 

Removing a security provider removes all groups/permissions associated with that security provider.

The default Windows provider can be renamed, but not removed.

 

How to modify a group’s permissions:

1.In Configured Groups and Permissions, click the edit icon VSS_clip0001.

2.Click the Permissions field to edit the permissions.

3.Click the check icon VSS_clip0002 to save changes.

4.(optional) Click the cancel icon VSS_clip0003 to cancel the edit operation.

5.(optional) Click the trash icon VSS_clip0004 to delete the group.

 

Users cannot change the permissions of the local Windows Administrators, Analytics Admins, or Analytics Viewers groups.

 

How to acquire a Group ID for AGOL/Portal:

A group is a collection of items usually related to a specific area of interest. You can create groups to organize and share your items. As a group owner, you decide who can find the group, who can join, and who can contribute content. Each group has an ID associated with it in AGOL/Portal.

1.Go to the Group in AGOL/Portal via the Groups menu.

2.From the URL in the address bar, copy the ID.
e.g., if the URL is

VSS_clip0009,

then the ID is 1d1f24e8556642f49448f1c88b5a571b.