Connect to authentication providers from ArcGIS AllSource

ArcGIS AllSource supports configuring authentication connections with external authentication providers. If your organization manages user identities with an authentication provider, such as Microsoft Entra ID, you can add an authentication connection to establish a relationship between the provider and ArcGIS AllSource.

Authentication connections are OAuth 2.0 based. When you sign in to a connection, you are redirected to the provider's login page, where you can provide your credentials and authorize ArcGIS AllSource to access resources on your behalf. Once signed in, you can use the authentication connection in various parts of the application, such as when connecting to cloud stores.

The following three sections represent the three steps to connect ArcGIS AllSource to an authentication provider.

Register ArcGIS AllSource with the authentication provider

An IT administrator typically performs the following steps to register ArcGIS AllSource with the authentication provider:

  1. Register ArcGIS AllSource with the authentication provider.
  2. Retrieve the application (client) ID generated for ArcGIS AllSource.
  3. Provide the redirect URI as arcgis-pro://auth.
  4. For detailed instructions, refer to the documentation available through your authentication provider.

Register ArcGIS AllSource with Microsoft Entra ID

The following prerequisites must be met to register an application with Entra ID:

  • Your Azure account must have an active subscription with permission to manage applications in Entra ID.
  • You must have a Microsoft Entra ID tenant.

For more information, see Quickstart: Register an application with the Microsoft identity platform in the Microsoft documentation.

To register ArcGIS AllSource with Microsoft Entra ID, complete the following steps:

  1. Register a new application with the following settings:
    1. In the Name box, enter ArcGIS Pro.
    2. For supported account types, choose Single tenant.
    3. For Redirect URI, choose Mobile and desktop applications as the platform and enter the URI: arcgis-pro://auth.
    4. Enable and grant admin consent for the following API permissions:
      • Azure Storage > user_impersonation
      • Microsoft Graph > User.Read (This is enabled by default.)
    5. Optionally, in Token Configuration, add the optional claim login_hint to the ID token.

      This is recommended for a more streamlined user experience when signing out of a connection.

  2. When registration is complete, note the Application (client) ID, which uniquely identifies ArcGIS AllSource in the Microsoft identity platform. You will use this later when adding authentication connections in ArcGIS AllSource.
  3. Note the Microsoft Entra ID domain name. You will use this later when adding authentication connections in ArcGIS AllSource.

Add an authentication connection

To add an authentication connection, complete the following steps:

  1. Open the ArcGIS AllSource settings page in one of the following ways:
    • From an open project, click the Project tab on the ribbon.
    • From the start page, click the Settings tab Settings.
  2. In the list of side tabs, click Options.
  3. On the Options dialog box, under Application, click Authentication.
  4. Click Add Connection Add an authentication connection.
  5. On the Add Connection dialog box, type a name for the connection.
    Note:

    Connection names are limited to 50 characters and cannot be changed after the connection is added.

  6. Click the Type drop-down arrow and choose the connection type.

    Microsoft Entra ID is the default provider. Choose Custom to add a connection with a different provider.

  7. Provide the connection properties and click OK.

    Different properties may be required depending on your connection type:

    • If your connection type is Microsoft Entra ID, at least one scope is required; the default is https://storage.azure.com/.default.
    • If your connection type is Custom, provide the authorization URL and token URL from your authentication provider. Scopes are optional.

Sign in to an authentication connection

To sign in to an authentication connection, complete the following steps:

  1. Click the Options button Options or right-click the connection and click Sign in.

    You are redirected to a browser.

  2. Provide the credentials associated with your account and click Next.
  3. Click Continue when prompted.

    If the login is successful, a prompt to open ArcGIS AllSource appears.

Manage authentication connections

To manage an authentication connection, click the Options button Options or right-click the connection to do the following:

  • Click Refresh to update the status of the connection. Alternatively, click Refresh All Refresh all connections to update the status of all the connections.
  • Click Sign out to sign out of a connection.
  • Click Edit to edit the properties of the connection, except the connection name and type.

    When you finish editing the connection, click OK to save the changes. You will need to sign in again.

  • Click Remove to remove a connection.

Administer authentication connections

System administrators who manage application settings may set default authentication connections in your ArcGIS AllSource deployment. An administrator can lock connections to prevent them from being changed. A message appears on the Options dialog box if there are administered managed connections.

Authentication settings managed by an administrator