User authentication is a set of authentication workflows that allow users with an ArcGIS account to sign into an application and access ArcGIS content, services, and resources. The typical authentication protocol used is OAuth2.0. When a user signs into an application with their ArcGIS account, an access token is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account. This authentication type was previously known as Named user login and ArcGIS identity.
If your application will access your users' secure content in ArcGIS or if you plan to distribute your application through ArcGIS Marketplace, you must use user authentication.
Implement an OAuth 2.0 authentication workflow.
User authorizes your application.
ArcGIS exchanges the authorization code from user authorization for a temporary access token.
Use the access token to authenticate with ArcGIS according to your specific client API.
User authentication authorizes the app to perform specific tasks affiliated with the user's account, such as:
The authenticated user can access premium content and services through your application that are metered to their ArcGIS subscription; during the authenticated period, your app can access the user's content on their behalf.
There are six different workflows that can be used to implement user authentication:
- Serverless web application
- Serverless mobile or native application
- Server-based application
- Manual token generation
- HTTP/Windows/Integrated Windows Authentication
- Public key infrastructure (PKI) authentication
The following workflows adhere to the OAuth2.0 specification:
|Workflow|Equivalent OAuth2.0 flow|
|---|---|
|Serverless web app|Authorization code flow with PKCE|
|Serverless mobile/native app|Authorization code flow|
|Server-based app|Authorization code flow|
|Manual token generation|Resource owner password flow (Insecure)|
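As an added example (not Esri's code and not part of the original page), this Python sketch shows the client side of the authorization code flow with PKCE: creating the verifier and challenge, building the authorization URL, and validating the redirect before the code is exchanged. The ArcGIS Online `oauth2/authorize` and `oauth2/token` endpoint URLs are assumptions not stated on this page, and the client ID and redirect URI are placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed ArcGIS Online endpoints; an ArcGIS Enterprise portal uses its own host.
AUTHORIZE_URL = "https://www.arcgis.com/sharing/rest/oauth2/authorize"
TOKEN_URL = "https://www.arcgis.com/sharing/rest/oauth2/token"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    # 32 random bytes give a 43-character verifier (RFC 7636 allows 43 to 128).
    return _b64url(secrets.token_bytes(32))

def code_challenge(verifier: str) -> str:
    # S256 method: BASE64URL(SHA256(ASCII(verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def begin_sign_in(client_id: str, redirect_uri: str):
    """Return (authorize_url, session). The session stays with the client."""
    session = {"verifier": new_code_verifier(), "state": secrets.token_urlsafe(16),
               "redirect_uri": redirect_uri}
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "state": session["state"],
                       "code_challenge": code_challenge(session["verifier"]),
                       "code_challenge_method": "S256"})
    return f"{AUTHORIZE_URL}?{query}", session

def token_request(callback_url: str, session: dict, client_id: str) -> dict:
    """Validate the redirect, then return the form fields to POST to TOKEN_URL."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not match this sign-in")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return {"grant_type": "authorization_code", "client_id": client_id,
            "code": codes[0], "redirect_uri": session["redirect_uri"],
            "code_verifier": session["verifier"]}
```

Only the challenge travels in the browser redirect. The verifier is sent once, directly to the token endpoint, so an intercepted authorization code cannot be redeemed without it.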
Most ArcGIS accounts can sign in with all user authentication workflows. Some workflows only support ArcGIS Enterprise login.
|ArcGIS Developer login||ArcGIS Online login||ArcGIS Enterprise login|
|Serverless web flow|
|Serverless native/mobile flow|
|Manual token generation flow|
|Integrated Windows Authentication (IWA)|
|Public key infrastructure (PKI)|
If you are using one of the ArcGIS Mobile or Native SDKs, refer to that SDK's Getting Started page to implement user authentication in your app:
- ArcGIS Maps SDK for Kotlin
- ArcGIS Maps SDK for Swift
- ArcGIS Maps SDK for Java
- ArcGIS Maps SDK for .NET
- ArcGIS Maps SDK for Qt
After you complete the OAuth 2.0 authorization process, you receive a `token` credential to use when accessing any content or services to which the authorized user has access.
If you use an ArcGIS client API, the `Identity` classes automatically use a `token` credential to securely access resources, requiring no additional actions from you.
If you manually implement OAuth 2.0 authorization, you must either register the `token` credential with the ArcGIS API `Identity` class, or pass the `token` to the appropriate method or class as a parameter.
It is possible to implement ArcGIS user authentication with non-ArcGIS APIs; however, you remain responsible for obtaining, managing, and securing user credentials as part of your application. For this method, you must implement the appropriate authentication workflow for your application.
User authentication allows individual users with an ArcGIS Online or ArcGIS Enterprise account to authorize your app to use the content and services to which they have access; it also uses their credits for any paid premium content and services.