You are here: Learning the Basics > Security > Authentication

Authentication

User authentication (the determining who you are) and authorization (determining what you have access to) for all your Rizing Geospatial applications is selected in App Manager's Authentication feature.

Note: For information regarding authenticating with ArcGIS Portal, please refer to the Configure Portal for ArcGIS topic.

Options include:

No Security

This option will disable any security checks and leave all functionality open to anyone who has access to the application and services. This option should only be used during testing or on a secure network.

To implement this option, follow the steps found here: No Security.

Built In Security

This option will use the application's security mechanism and all users, roles, and privileges will be stored internally. Application features are shown/hidden based on user privileges and services are secured through token-based authentication based on registered users and defined roles; all of which can be managed through the application interface.

To implement this option, follow the steps found here: Built In Security.

Windows Security

This option will authenticate users and roles based on Integrated Windows Authentication. This option requires that the application server (IIS) is on the same domain and has read access to the domain's Role/Group store. The users and roles that drive this security policy can be read from Active Directory or configured using the application server's user/groups functionality. Application privileges are still stored using the applications built in security mechanism, but the users and roles are stored and checked using windows authentication - privileges are simply mapped to windows roles/groups.

To implement this option, follow the steps found here: Windows Security.

Security Token Service (STS)

This option will authenticate users and verify roles based on the configured Security Token Service (STS) metadata. An STS is the service component that builds, signs, and issues security tokens according to the WS-Trust and WS-Federation protocols. A Security Token Service can be a cloud STS such as a LiveIDSTS, a pre-built STS such as Active Directory Federation Services (ADFS) or a custom STS. On authentication, STS should return identity information such as name, e-mail address and roles as claims.

To implement this option, follow the steps found here: Security Token Service.

IdentityServer

This option will authenticate users and roles against IdentityServer3. IdentityServer is a framework and a hostable component that allows implementing single sign-on and access control for modern web applications and APIs using protocols like OpenID Connect and OAuth2. It supports a wide range of clients like mobile, web, SPAs and desktop applications and is extensible to allow integration in new and existing architectures. You can learn more about this option here: IdentityServer Documentation.

To implement this option, follow the steps found here: IdentityServer.

Note: More details and information regarding security can be found in the Application Security topic.