User authentication is a set of authentication workflows that allow users with an ArcGIS account to sign into an application and access ArcGIS content, services, and resources. The typical authentication protocol used is OAuth2.0. When a user signs into an application with their ArcGIS account, an access token is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account. This authentication type was previously known as Named user login and ArcGIS identity.
If your application will access your users' secure content in ArcGIS or if you plan to distribute your application through ArcGIS Marketplace, you must use user authentication.
How user authentication works
-
Register your application in the developer dashboard to receive client credentials.
-
Implement an OAuth 2.0 authentication workflow.
-
User authorizes your application.
-
ArcGIS exchanges the authorization code from user authorization for a temporary access token.
-
Use the access token to authenticate with ArcGIS according to your specific client API.
User authentication authorizes the app to perform specific tasks affiliated with the user's account, such as:
- Access private content owned by the user or by the user's organization
- Access premium ArcGIS content, such as search, routing, and demographics
- Create, update, and delete the user's content
- Share content with other users within their organization
- Access any content that has been shared with the user
The authenticated user can access premium content and services through your application that are metered to their ArcGIS subscription; during the authenticated period, your app can access the user's content on their behalf.
User authentication workflows
There are six different workflows that can be used to implement user authentication:
- Serverless web application
- Serverless mobile or native application,
- Server-based application
- Manual token generation
- HTTP/Windows/Integrated Windows Authentication
- Public key infrastructure (PKI) authentication
The following workflows adhere to the OAuth2.0 specification:
| Workflow | Equivalent OAuth2.0 flow |
|---|---|
| Serverless web app | Authorization code flow with PKCE |
| Serverless mobile/native app | Authorization code flow |
| Server-based app | Authorization code flow |
| Manual token generation | Resource owner password flow (Insecure) |
Most ArcGIS accounts can sign in to with all user authentication workflows. Some workflows only support ArcGIS Enterprise login.
| ArcGIS Developer login | ArcGIS Online login | ArcGIS Enterprise login | |
|---|---|---|---|
| Serverless web flow | |||
| Serverless native/mobile flow | |||
| Server-based flow | |||
| Manual token generation flow | |||
| Integrated Windows Authentication (IWA) | |||
| Public key infrastructure (PKI) |
Implement user authentication
Authentication with ArcGIS APIs
If you are using one of the ArcGIS Mobile or Native SDKs, refer to that SDK's Getting Started page to implement user authentication in your app:
- ArcGIS Maps SDK for Kotlin
- ArcGIS Maps SDK for Swift
- ArcGIS Maps SDK for Java
- ArcGIS Maps SDK for .NET
- ArcGIS Maps SDK for Qt
After you complete the OAuth 2.0 authorization process, you receive a token credential to use when accessing any content or services to which the authorized user has access.
-
If you use an ArcGIS client API, the
AuthenticationorManager Identityclasses automatically use aManager tokencredential to securely access resources, requiring no additional actions from you. -
If you manually implement OAuth 2.0 authorization, you must either register the
tokencredential with the ArcGIS APIAuthenticationorManager Identityclass, or pass theManager tokento the appropriate method or class as a parameter.
Authentication with non-ArcGIS APIs
It is possible to implement ArcGIS user authentication with non-ArcGIS APIs, however you remain responsible to obtain, manage, and secure user credentials as a part of your application. For this method, you must implement the appropriate authentication workflow for your application.
Billing information
User authentication allows individual users with an ArcGIS Online or ArcGIS Enterprise account to authorize your app to use the content and services to which they have access; it also uses their credits for any paid premium content and services.