Commit 86ab8f2

author
jimdial
committed
Merge branch 'master' of https://github.com/MicrosoftDocs/azure-docs-pr into service-endpoints-tutorial
2 parents 5f425ea + 70cfcd0 commit 86ab8f2

119 files changed

+2632
-1821
lines changed

articles/active-directory/conditional-access/best-practices.md

Lines changed: 2 additions & 2 deletions
@@ -15,7 +15,7 @@ ms.devlang: na
1515
ms.topic: article
1616
ms.tgt_pltfrm: na
1717
ms.workload: identity
18-
ms.date: 06/13/2018
18+
ms.date: 08/23/2018
1919
ms.author: markvi
2020
ms.reviewer: calebb
2121

@@ -81,7 +81,7 @@ Both policies are enforced by Azure Active Directory and the user gets access on
8181

8282
### What happens if I have multiple policies for the same user configured?
8383

84-
For every sign-in, Azure Active Directory evaluates all policies and ensures that all requirements are met before granted access to the user.
84+
For every sign-in, Azure Active Directory evaluates all policies and ensures that all requirements are met before granted access to the user. Block access trumps all other configuration settings.
8585

8686

8787
### Does conditional access work with Exchange ActiveSync?
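
Review bot: The sentence added on new line 84, "Block access trumps all other configuration settings.", is colloquial and does not say what is being overridden. If the intent is that a blocking policy wins over every other policy that applies to the same sign-in, say so directly, for example "If any policy that applies to the sign-in blocks access, the user is blocked regardless of what the other policies grant." While this line is being touched, the retained text "before granted access to the user" should read "before access is granted to the user".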
Lines changed: 251 additions & 0 deletions
@@ -0,0 +1,251 @@
1+
---
2+
title: 'Tutorial: Azure Active Directory integration with ArcGIS Enterprise | Microsoft Docs'
3+
description: Learn how to configure single sign-on between Azure Active Directory and ArcGIS Enterprise.
4+
services: active-directory
5+
documentationCenter: na
6+
author: jeevansd
7+
manager: femila
8+
ms.reviewer: joflore
9+
10+
ms.assetid: 24809e9d-a4aa-4504-95a9-e4fcf484f431
11+
ms.service: active-directory
12+
ms.workload: identity
13+
ms.tgt_pltfrm: na
14+
ms.devlang: na
15+
ms.topic: article
16+
ms.date: 08/23/2018
17+
ms.author: jeedes
18+
19+
---
20+
# Tutorial: Azure Active Directory integration with ArcGIS Enterprise
21+
22+
In this tutorial, you learn how to integrate ArcGIS Enterprise with Azure Active Directory (Azure AD).
23+
24+
Integrating ArcGIS Enterprise with Azure AD provides you with the following benefits:
25+
26+
- You can control in Azure AD who has access to ArcGIS Enterprise.
27+
- You can enable your users to automatically get signed-on to ArcGIS Enterprise (Single Sign-On) with their Azure AD accounts.
28+
- You can manage your accounts in one central location - the Azure portal.
29+
30+
If you want to know more details about SaaS app integration with Azure AD, see [what is application access and single sign-on with Azure Active Directory](../manage-apps/what-is-single-sign-on.md)
31+
32+
## Prerequisites
33+
34+
To configure Azure AD integration with ArcGIS Enterprise, you need the following items:
35+
36+
- An Azure AD subscription
37+
- An ArcGIS Enterprise single sign-on enabled subscription
38+
39+
> [!NOTE]
40+
> To test the steps in this tutorial, we do not recommend using a production environment.
41+
42+
To test the steps in this tutorial, you should follow these recommendations:
43+
44+
- Do not use your production environment, unless it is necessary.
45+
- If you don't have an Azure AD trial environment, you can [get a one-month trial](https://azure.microsoft.com/pricing/free-trial/).
46+
47+
## Scenario description
48+
49+
In this tutorial, you test Azure AD single sign-on in a test environment.
50+
The scenario outlined in this tutorial consists of two main building blocks:
51+
52+
1. Adding ArcGIS Enterprise from the gallery
53+
2. Configuring and testing Azure AD single sign-on
54+
55+
## Adding ArcGIS Enterprise from the gallery
56+
57+
To configure the integration of ArcGIS Enterprise into Azure AD, you need to add ArcGIS Enterprise from the gallery to your list of managed SaaS apps.
58+
59+
**To add ArcGIS Enterprise from the gallery, perform the following steps:**
60+
61+
1. In the **[Azure portal](https://portal.azure.com)**, on the left navigation panel, click **Azure Active Directory** icon.
62+
63+
![The Azure Active Directory button][1]
64+
65+
2. Navigate to **Enterprise applications**. Then go to **All applications**.
66+
67+
![The Enterprise applications blade][2]
68+
69+
3. To add new application, click **New application** button on the top of dialog.
70+
71+
![The New application button][3]
72+
73+
4. In the search box, type **ArcGIS Enterprise**, select **ArcGIS Enterprise** from result panel then click **Add** button to add the application.
74+
75+
![ArcGIS Enterprise in the results list](./media/arcgisenterprise-tutorial/tutorial_arcgisenterprise_addfromgallery.png)
76+
77+
## Configure and test Azure AD single sign-on
78+
79+
In this section, you configure and test Azure AD single sign-on with ArcGIS Enterprise based on a test user called "Britta Simon".
80+
81+
For single sign-on to work, Azure AD needs to know what the counterpart user in ArcGIS Enterprise is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in ArcGIS Enterprise needs to be established.
82+
83+
To configure and test Azure AD single sign-on with ArcGIS Enterprise, you need to complete the following building blocks:
84+
85+
1. **[Configure Azure AD Single Sign-On](#configure-azure-ad-single-sign-on)** - to enable your users to use this feature.
86+
2. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with Britta Simon.
87+
3. **[Create an ArcGIS Enterprise test user](#create-an-arcgis-enterprise-test-user)** - to have a counterpart of Britta Simon in ArcGIS Enterprise that is linked to the Azure AD representation of user.
88+
4. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable Britta Simon to use Azure AD single sign-on.
89+
5. **[Test single sign-on](#test-single-sign-on)** - to verify whether the configuration works.
90+
91+
### Configure Azure AD single sign-on
92+
93+
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your ArcGIS Enterprise application.
94+
95+
**To configure Azure AD single sign-on with ArcGIS Enterprise, perform the following steps:**
96+
97+
1. In the Azure portal, on the **ArcGIS Enterprise** application integration page, click **Single sign-on**.
98+
99+
![Configure single sign-on link][4]
100+
101+
2. On the **Single sign-on** dialog, select **Mode** as **SAML-based Sign-on** to enable single sign-on.
102+
103+
![Single sign-on dialog box](./media/arcgisenterprise-tutorial/tutorial_arcgisenterprise_samlbase.png)
104+
105+
3. On the **ArcGIS Enterprise Domain and URLs** section, perform the following steps if you wish to configure the application in **IDP** initiated mode:
106+
107+
![ArcGIS Enterprise Domain and URLs single sign-on information](./media/arcgisenterprise-tutorial/tutorial_arcgisenterprise_url1.png)
108+
109+
a. In the **Identifier** textbox, type a URL using the following pattern: `<EXTERNAL_DNS_NAME>.portal`
110+
111+
b. In the **Reply URL** textbox, type a URL using the following pattern: `https://<EXTERNAL_DNS_NAME>/portal/sharing/rest/oauth2/saml/signin2`
112+
113+
4. Check **Show advanced URL settings** and perform the following step if you wish to configure the application in **SP** initiated mode:
114+
115+
![ArcGIS Enterprise Domain and URLs single sign-on information](./media/arcgisenterprise-tutorial/tutorial_arcgisenterprise_url2.png)
116+
117+
In the **Sign-on URL** textbox, type a URL using the following pattern: `https://<EXTERNAL_DNS_NAME>/portal/sharing/rest/oauth2/saml/signin`
118+
119+
> [!NOTE]
120+
> These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. Contact [ArcGIS Enterprise Client support team](mailto:[email protected]) to get these values. You will get the Identifier value from **Set Identity Provider** section, which is explained later in this tutorial.
121+
122+
5. On the **SAML Signing Certificate** section, click the copy button to copy **App Federation Metadata Url** and paste it into notepad.
123+
124+
![The Certificate download link](./media/arcgisenterprise-tutorial/tutorial_arcgisenterprise_certificate.png)
125+
126+
6. Click **Save** button.
127+
128+
![Configure Single Sign-On Save button](./media/arcgisenterprise-tutorial/tutorial_general_400.png)
129+
130+
7. In a different web browser window, log in to your ArcGIS Enterprise company site as an administrator.
131+
132+
8. Select **Organization >EDIT SETTINGS**.
133+
134+
![ArcGIS Enterprise Configuration](./media/arcgisenterprise-tutorial/configure1.png)
135+
136+
9. Select **Security** tab.
137+
138+
![ArcGIS Enterprise Configuration](./media/arcgisenterprise-tutorial/configure2.png)
139+
140+
10. Scroll down to the **Enterprise Logins via SAML** section and select **SET ENTERPRISE LOGIN**.
141+
142+
![ArcGIS Enterprise Configuration](./media/arcgisenterprise-tutorial/configure3.png)
143+
144+
11. On the **Set Identity Provider** section, perform the following steps:
145+
146+
![ArcGIS Enterprise Configuration](./media/arcgisenterprise-tutorial/configure4.png)
147+
148+
a. Please provide a name like **Azure Active Directory Test** in the **Name** textbox.
149+
150+
b. In the **URL** textbox, paste the **App Federation Metadata Url** value which you have copied from the Azure portal.
151+
152+
c. Click **Show advanced settings** and copy the **Entity ID** value and paste it into the **Identifier** textbox in the **ArcGIS Enterprise Domain and URLs** section in Azure portal.
153+
154+
![ArcGIS Enterprise Configuration](./media/arcgisenterprise-tutorial/configure5.png)
155+
156+
d. Click **UPDATE IDENTITY PROVIDER**.
157+
158+
### Create an Azure AD test user
159+
160+
The objective of this section is to create a test user in the Azure portal called Britta Simon.
161+
162+
![Create an Azure AD test user][100]
163+
164+
**To create a test user in Azure AD, perform the following steps:**
165+
166+
1. In the Azure portal, in the left pane, click the **Azure Active Directory** button.
167+
168+
![The Azure Active Directory button](./media/arcgisenterprise-tutorial/create_aaduser_01.png)
169+
170+
2. To display the list of users, go to **Users and groups**, and then click **All users**.
171+
172+
![The "Users and groups" and "All users" links](./media/arcgisenterprise-tutorial/create_aaduser_02.png)
173+
174+
3. To open the **User** dialog box, click **Add** at the top of the **All Users** dialog box.
175+
176+
![The Add button](./media/arcgisenterprise-tutorial/create_aaduser_03.png)
177+
178+
4. In the **User** dialog box, perform the following steps:
179+
180+
![The User dialog box](./media/arcgisenterprise-tutorial/create_aaduser_04.png)
181+
182+
a. In the **Name** box, type **BrittaSimon**.
183+
184+
b. In the **User name** box, type the email address of user Britta Simon.
185+
186+
c. Select the **Show Password** check box, and then write down the value that's displayed in the **Password** box.
187+
188+
d. Click **Create**.
189+
190+
### Create an ArcGIS Enterprise test user
191+
192+
The objective of this section is to create a user called Britta Simon in ArcGIS Enterprise. ArcGIS Enterprise supports just-in-time provisioning, which is by default enabled. There is no action item for you in this section. A new user is created during an attempt to access ArcGIS Enterprise if it doesn't exist yet.
193+
194+
> [!Note]
195+
> If you need to create a user manually, contact [ArcGIS Enterprise support team](mailto:[email protected]).
196+
197+
### Assign the Azure AD test user
198+
199+
In this section, you enable Britta Simon to use Azure single sign-on by granting access to ArcGIS Enterprise.
200+
201+
![Assign the user role][200]
202+
203+
**To assign Britta Simon to ArcGIS Enterprise, perform the following steps:**
204+
205+
1. In the Azure portal, open the applications view, and then navigate to the directory view and go to **Enterprise applications** then click **All applications**.
206+
207+
![Assign User][201]
208+
209+
2. In the applications list, select **ArcGIS Enterprise**.
210+
211+
![The ArcGIS Enterprise link in the Applications list](./media/arcgisenterprise-tutorial/tutorial_arcgisenterprise_app.png)
212+
213+
3. In the menu on the left, click **Users and groups**.
214+
215+
![The "Users and groups" link][202]
216+
217+
4. Click **Add** button. Then select **Users and groups** on **Add Assignment** dialog.
218+
219+
![The Add Assignment pane][203]
220+
221+
5. On **Users and groups** dialog, select **Britta Simon** in the Users list.
222+
223+
6. Click **Select** button on **Users and groups** dialog.
224+
225+
7. Click **Assign** button on **Add Assignment** dialog.
226+
227+
### Test single sign-on
228+
229+
In this section, you test your Azure AD single sign-on configuration using the Access Panel.
230+
231+
When you click the ArcGIS Enterprise tile in the Access Panel, you should get automatically signed-on to your ArcGIS Enterprise application.
232+
For more information about the Access Panel, see [Introduction to the Access Panel](../user-help/active-directory-saas-access-panel-introduction.md).
233+
234+
## Additional resources
235+
236+
* [List of Tutorials on How to Integrate SaaS Apps with Azure Active Directory](tutorial-list.md)
237+
* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md)
238+
239+
<!--Image references-->
240+
241+
[1]: ./media/arcgisenterprise-tutorial/tutorial_general_01.png
242+
[2]: ./media/arcgisenterprise-tutorial/tutorial_general_02.png
243+
[3]: ./media/arcgisenterprise-tutorial/tutorial_general_03.png
244+
[4]: ./media/arcgisenterprise-tutorial/tutorial_general_04.png
245+
246+
[100]: ./media/arcgisenterprise-tutorial/tutorial_general_100.png
247+
248+
[200]: ./media/arcgisenterprise-tutorial/tutorial_general_200.png
249+
[201]: ./media/arcgisenterprise-tutorial/tutorial_general_201.png
250+
[202]: ./media/arcgisenterprise-tutorial/tutorial_general_202.png
251+
[203]: ./media/arcgisenterprise-tutorial/tutorial_general_203.png
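
Review bot: Step 3a (new line 109) asks for the **Identifier** before the reader has it. The note on new line 120 and step 11c (new line 152) both say the real value is the **Entity ID** copied from **Set Identity Provider**, but **Save** has already been clicked in step 6 and nothing after step 11 sends the reader back to the Azure portal to paste the value and save again. Either move the Identifier entry after step 11c or add an explicit "return to the Azure portal, update **Identifier**, and click **Save**" step. Step 3a also says "type a URL" while the pattern `<EXTERNAL_DNS_NAME>.portal` has no scheme, so call it a value or confirm the pattern. Smaller points: the prerequisites state the production-environment advice twice (the note on new line 40 and the first bullet on new line 44); the note marker on new line 194 is `[!Note]` where new lines 39 and 119 use `[!NOTE]`; the image alt text on new line 124 says "The Certificate download link" although step 5 copies the **App Federation Metadata Url**; and new line 192 says just-in-time provisioning is on by default without saying what access a newly created account receives or how to turn it off, which an administrator would want to know before assigning users.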
