As a SharePoint site collection administrator, you are responsible for configuring ArcGIS Maps for SharePoint.
To begin, you generate an encryption key that ensures that the ArcGIS credentials used to run the ArcGIS Maps Locate workflow are stored securely; if you chose to use SSS during installation, this is done automatically; otherwise, you must manually generate a key. You then specify the URL for your ArcGIS Online organizational account or ArcGIS Enterprise instance. Finally, you specify the ArcGIS named user account used to charge credits consumed by the ArcGIS Maps for SharePoint workflows. You can also optionally set options for the Esri User Experience Improvement program here.
The ArcGIS named user account specified during configuration is used to generate an app item in ArcGIS Online or ArcGIS Enterprise. This app item is used for the following purposes:
- Generates an access token used by the ArcGIS Maps Locate workflow
- The app item's ID is used for OAuth 2.0 authentication for named users
In version 4.2 and earlier, ArcGIS Maps for SharePoint used an app token to authenticate access to ArcGIS while running the ArcGIS Maps Locate workflow. As of version 5.0, the ArcGIS credentials you specify while configuring the web part are based on an ArcGIS named user account and use a user token for authentication. This provides more security and allows users to access private geocoders. Although existing app tokens are still supported in version 5.0 if you upgrade from a previous version, this feature will be deprecated in a future release. It is highly recommended that you upgrade to version 5.0 and configure the app using ArcGIS named user credentials to enable user tokens.
When the ArcGIS credentials are set, users can view the map as guests, without needing to sign in to ArcGIS. Guest users have limited access to the map; to fully interact with the map, users must sign in to ArcGIS.
After you complete the app configuration, users can sign in as a named user in the ArcGIS Mapsweb part, using their own user credentials. Any credits consumed by the app (for example, driving routes, infographics, etc.) are charged to the user's account.
Important: ArcGIS Maps for SharePoint supports ArcGIS Enterprise with different authentication methods; these procedures describe how to configure the app with the default OAuth 2.0 authentication. For other authentication methods, see Configure enterprise logins.
Access ArcGIS Maps for SharePoint app configuration
You must be a SharePoint site collection administrator to access the ArcGIS Maps for SharePoint administration menu and configure the app.
- Browse to the Site Settings page of the site.
- Under the ArcGIS Maps for SharePoint Administration heading, click Configuration Settings.
If you receive an "Access denied" message when you open the App Configuration page, you do not have site collection administrator privileges. Only site collection administrators can perform the app configuration.
Generate an encryption key
Before you can configure ArcGIS Maps for SharePoint, you must generate an encryption key. This key ensures that the ArcGIS credentials used to configure the app are stored securely.
By default, ArcGIS Maps for SharePoint uses the Secure Store Service (SSS) to secure ArcGIS credentials. An encryption key is generated within a target application and stored in SSS, and all site collections will use this encryption key to secure ArcGIS credentials. If you don't want to use SSS, you can choose to manually generate an encryption key after installation. Using SSS is the recommended setting for enhanced security.
During installation, a target application is automatically created with the ID "arcgismapsforsharepoint". SharePoint farm administrators can also manually create other target applications for this if desired.
Create an SSS target application (optional)
During installation, if you choose to use Secure Store Service to secure ArcGIS credentials, ArcGIS Maps for SharePoint automatically creates a target application in the Secure Store Service, with the ID "arcgismapsforsharepoint". All site collections are configured by default to use this target application.
In some cases, the SharePoint farm administrator may want to manually create a different target application. Some reasons for creating a manual target application include:
- The site collection administrator wants to use a dedicated target application for increased security
- The ArcGIS Maps for SharePoint installer failed to properly create the default target application
To manually create an SSS target application, do the following:
- On the Central Administration home page, in the Application Management section, click Manage service applications.
- Click the Secure store service application.
- Click New to create a new target application.
- Type a string in the Target Application ID field.
This value will be required during ArcGIS Maps for SharePoint configuration.
- Provide a valid contact email address and set the Target Application Type to Group.
- Click Next.
- Remove the default username and password fields and click Add field. Type a field name and set the field type to Key. Check the Masked check box and click Next to continue.
- Set the web application pool account to be both administrator and member.
The application pool runs the web application that owns the SharePoint web application in which the ArcGIS Maps for SharePoint feature is activated on the site level.
You must add the web application pool identity user to the member group, not the SharePoint site collection administrator.
Be sure to add the web application pool identity user to the member group, not the SharePoint site collection administrator; otherwise, you may receive an Access Denied error.
- Click OK to finish creating the target application.
- After the target application is created, select it and click Set in the Central Administration application's ribbon to set the encryption key for ArcGIS Maps for SharePoint.
- In the Set credentials window, type a value in ekey field, then type it again to confirm.
You do not need to memorize this key.
- Click OK to finish.
Use Secure Store Service
If you chose Use SSS during installation, the ArcGIS Maps for SharePoint configuration page shows the target application ID that was automatically created during installation (arcgismapsforsharepoint). The encryption key is saved in this target application and there is no need to manually create one. All related site collections will use this key to secure the ArcGIS credentials used to access content hosted on ArcGIS Onlineor ArcGIS Enterprise.
- By default, ArcGIS Maps for SharePoint automatically creates a target application in the Secure Store Service, with the ID "arcgismapsforsharepoint". If your SharePoint farm administrator has manually generated a different target application ID, type it in the Target application field and click Set.
If the target application is not found, an error message appears. Ask your SharePoint farm administrator to verify the target application ID and try again.
In case of a security breach, the SharePoint farm administrator can use the Central Administration application to reset the encryption key stored in the target application. This will invalidate all existing ArcGIS credentials that were secured by the target application and all site administrators will need to reconfigure ArcGIS credentials for their own site collections.
Manually generate an encryption key
If you chose Do not use SSS during installation, you'll need to manually generate an encryption key for this site collection. This encryption key is stored within the site collection and is not as secure as using SSS. You should use this option only if SSS is not available.
- In the Encryption key section of the configuration page, click the Generate your own encryption key radio button.
- Type a passphrase in the Passphrase field.
The passphrase must contain at least 6 characters, of which at least one must be a numerical digit, and one uppercase character (for example, passWord1).
Important: Both the passphrase used to generate the encryption key and the username and password for the ArcGIS account are case-sensitive.
- Retype the passphrase to confirm.
- Click Create key.
A message appears, stating that the encryption key was successfully generated.
- To generate a new key, click Refresh key.
- Type the passphrase you entered previously and click Refresh.
The encrypted credentials are re-encrypted using the new key and the old key is discarded.
- To generate a new key with a different passphrase, click New key and follow the steps outlined at the beginning of this workflow.
After you generate an encryption key, you can securely set the remaining app configuration settings.
Set the ArcGIS connection URL
- In the ArcGIS or Portal URL field, type the URL for your ArcGIS Online organization or ArcGIS Enterprise instance.
- If you are connecting directly to ArcGIS Online (meaning your instance has no subdomain), leave the default setting of http://www.arcgis.com.
To configure ArcGIS Maps for SharePoint to work with SSL-secured sites, change the ArcGISConnection URL from HTTP to HTTPS.
If you are working in disconnected environment, such as when your internal network is behind a firewall, set this value to point to your ArcGIS Enterprise instance. For example: https://<portalname>/<instance>.
- Click Set.
If the URL is not found, an error message appears. Verify the URL and try again.
Set the ArcGIS credentials
ArcGIS Maps for SharePoint uses a single ArcGIS named user account to create an app item in ArcGIS Online or ArcGIS Enterprise. This app item is used to generate an access token used to run the ArcGIS Maps Locate workflow and charge credits consumed by the ArcGIS Maps for SharePoint workflows.
The app item is protected in ArcGIS Online or ArcGIS Enterprise.
- In the ArcGIS credentials section, type the user name and password and click Set.
A message window opens, stating that you will need to provide login credentials to set the credentials used to run the ArcGIS Maps Locate workflow.
- Click OK to dismiss the message.
- In the ArcGIS OAuth sign in window, type the user name and password for the named user account to use to run the ArcGIS Maps Locate workflow in ArcGIS Maps for SharePoint.
The password is case-sensitive. The account's ID will appear under the Identity title in the ArcGIS credentials section of the app configuration page.
- To change the ArcGIS credentials to use a different account or to renew the ArcGIS credentials, click Set.
The ArcGIS OAuth window opens.
- Sign in using the credentials used when the account was initially set or enter the credentials for a different account and click Sign in.
- To delete the previously set credentials, click Delete.
Tip:Occasionally, the ArcGIS credentials have a limited token life span, and there will be a warning message in the ArcGIS credentials pane notifying the administrator that the credentials are about to expire. Click Set any time to renew the credentials.
Initialize term set
Geotags generated by the ArcGIS Map Search add-in are stored in the SharePoint Term Store Management.
You must be a term store administrator to manually create a term set group and term set used by ArcGIS Map Search.
The geotag term set is typically created and configured by the ArcGIS Maps for SharePoint installer. If the term set is deleted, the geotag term set for the site collection must be initialized.
Click Initialize to set up the geotag term set.
Set Esri User Experience Improvement options
Optionally participate in the Esri User Experience Improvement (EUEI) program. Check this box to provide anonymous information about your system and how you use ArcGIS Maps for SharePoint. Clear the box to opt out of the program. For more information, see Esri User Experience Improvement.
Troubleshoot App configuration
If you're using Internet Explorer and the Sign In window appears but is blank, try the following:
- On the Internet Explorer Internet Options dialog box, click the Security tab and choose Trusted Sites.
- Check Enable Protected Mode.
- Click the Sites button and add https://*.arcgis.com or your ArcGIS Enterprise portal address.
- Restart Internet Explorer.
- Use Firefox or Chrome when setting the App Configuration credentials on SharePoint 2010 for IWA, PKI, or LDAP portals. When using Firefox, first navigate to the portal itself and make sure to add the exception to trust the portal.
- If you receive the following message: "Unable
to obtain master key," follow the steps below to generate a key
within the SharePoint Secure Store service:
- On the Central Administration home page, in the Application Management section, click Manage service applications.
- Click the Secure Store Service link.
- Click Generate New Key.