Configure Service Resource Security

Starting with Designer for 2015, there were some changes to the security settings for services. The biggest change is the separation of security for accessing GIS data outside of the maps and accessing GIS data in the maps. More specifically, only GIS calls outside of the maps will use the new Security Type settings on Service Resources. The Esri Identity Manager control will be used for the map. See 12710: Configure Secured GIS Service Resources in Cityworks on MyCityworks for more information.

  1. Click the Service Resources tab.
  2. Select a service resource from the GIS Service Resources panel.

There are four security types that can be assigned to a resource: No Security, OAuth 2 App, OAuth2 User, and Token.

No Security is used if your services do not have security.

  1. To set No Security as the security type, select it from the Security Type drop-down list.

OAuth2 App is used if you use ArcGIS Online or Portal for ArcGIS and want application-based security. This option allows you to use an app ID instead of your ArcGIS Online login or password.

NOTE: If you want to access private content within an organization or content that has been shared with a user, you must use the named user login pattern for authentication unless using premium content or services hosted by Esri. See Esri's Limitations of App Login documentation for more information.

  1. To set OAuth2 App as the security type, select it from the Security Type drop-down list.

  1. Enter the Token URL from your ArcGIS Online account, or click Use AGO URLs to populate this field with the URL used by ArcGIS Online.
  2. Enter the App Id from your ArcGIS Online account.
  3. Click Set App Secret to set the app secret (password).
  4. Click Test Security to ensure that there is a valid token for the service.

OAuth2 User is used if you use ArcGIS Online or Portal for ArcGIS and want user-based security.

  1. To set OAuth2 User as the security type, select it from the Security Type drop-down list.

  1. Enter the Token URL from your ArcGIS Online or Portal for ArcGIS account, or click Use AGO URLs to populate this field with the URL used by ArcGIS Online.
  2. Enter the Authorization URL from your ArcGIS Online account, or click Use AGO URLs to populate this field with the URL used by ArcGIS Online. The Authorization URL is slightly different than the Token URL.
  3. Enter the App Id from your ArcGIS Online or Portal for ArcGIS account.
  4. Select Is Permanent to request a permanent token. This option is not as secure, but it is a more convenient option for administrators in Cityworks. If Is Permanent is selected, you may need to log in to your ArcGIS Online or Portal for ArcGIS administrator account to ensure the option for a permanent token is enabled. Once you select this option, click Authorize to open ArcGIS Online or Portal for ArcGIS and authorize your account. A permanent token will be requested, and you should not need to return to this page and authorize again on a regular basis. When this option is not selected, the token will expire at a regular interval (the default is two weeks) and you will have to return to this page and click Authorize to renew it again.

NOTE: For more information on how to ensure Portal for ArcGIS is configured to allow permanent tokens, please see the related Esri documentation here and search for maxTokenExpirationMinutes.

IMPORTANT: Starting at 15.6.9, the Is Permanent check box was removed because Esri discontinued support for permanent tokens due to security concerns.

The Redirect URL is the URL that you will need to configure in ArcGIS Online or Portal for ArcGIS. The URL ends with OAuthRedirect.aspx.

  1. Click Set App Secret to set the app secret (password).
  2. Click Authorize to authorize the security information that you have entered.

NOTE: To register an app in ArcGIS Online or Portal for ArcGIS so Cityworks can authorize against it, see the related Esri documentation here.

  1. Click Test Security to ensure that there is a valid token for the service.

Token is used if you use token-based security. This is useful if you are externalizing and want your services accessible from anywhere, but still secured.

  1. To set Token as the security type, select it from the Security Type drop-down list.

  1. Enter the Token URL that Cityworks will use to get the token. This URL is based on the name of your Esri server.
  2. Enter the number of minutes that the token will last in the Timeout field. The default is 60. Make sure that this value does not exceed what has already been configured in ArcGIS Enterprise.
  3. Enter the User Id of the user you use with your Esri server. For security reasons, the password is not displayed on this page.
  4. To set the password for the first time, click Set Password. To change the existing password, click Change Password.
  5. Click Test Security to ensure
  6. that there is a valid token for the service.

After Token is set as the security for the service resource, it will appear highlighted in the GIS Service Resources panel.

For more information on security types, see Service Resources Fields.

NOTE: Designer automatically saves the changes you make. A notification that says Data Saved appears in the top-right corner when you make changes to the page.