Introduction to user authentication | Documentation

User authentication is a set of authentication workflows that allow users with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more to sign into an application and access ArcGIS contentContent is a collection of items in a portal that belong to a user, group, or organization.Learn more, servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more, and resources. The typical authentication protocol used is OAuth 2.0. When a user signs into an application with their ArcGIS account, an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account. This authentication type was previously known as Named user login and ArcGIS identity.

User authentication provides access to secure ArcGIS services and content on behalf of a user. It offers several advantages over other types of authentication:

Supports the secure OAuth 2.0 authorization_code flow.
Grants access to all services available to a user, including portal servicesArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more and spatial analysis servicesA spatial analysis service, also known as a feature analysis service, is a service used to perform spatial analysis operations on feature data such as finding, comparing, summarizing, analyzing patterns, and calculating geometries.Learn more.
Bills usage to user's accounts, rather than the developer's account.

How user authentication works

The generic user authentication workflow. To view concrete examples, go to User authentication flows

The typical steps to implement user authentication are as follows:

Create a set of OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more in your portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more and set a redirect URL.
Paste the client_id and redirect URL from your OAuth credentials into your application.
Use an ArcGIS Maps SDKArcGIS Maps SDKs are developer products for building mapping and spatial analysis applications for web browsers, native devices, and game engines.Learn more or APIAn ArcGIS API is a web, native, game engine, or scripting API that has advanced mapping and spatial analysis capabilities and can be used to access ArcGIS services. ArcGIS APIs are designed to work optimally with the ArcGIS system and provide the most advanced GIS features and the highest performance possible.Learn more to create an authentication manager class and prompt users to sign in.
Once authenticated, access the secure resourcesA secure resource is any item or service in an ArcGIS that requires an ArcGIS account and authentication to access. Examples include ArcGIS Location Services, and items and data services in an ArcGIS portal.Learn more available to the signed-in user in your application.

OAuth credentials

OAuth credentials are an itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more used to support multiple types of authentication. They are required to implement user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more. The most common pattern is to create a new OAuth credentials item for each application. OAuth credentials are used to obtain a client IDA Client ID is an identifier associated with an application that assists with client / server OAuth 2.0 authentication for ArcGIS client APIs.Learn more for your app and authorize its redirect URLs.

User authentication flows

There are six different workflows that can be used to implement user authentication:

The flow you use will vary based on the type of application you build and client API you select.

Examples

ArcGIS APIs

If you are using one of the ArcGIS Maps SDKsArcGIS Maps SDKs are developer products for building mapping and spatial analysis applications for web browsers, native devices, and game engines.Learn more, refer to that SDK's Access services with OAuth credentials tutorial to implement user authentication in your app:

After you complete the OAuth 2.0 authorization process, you receive a token credential to use when accessing any contentContent is a collection of items in a portal that belong to a user, group, or organization.Learn more or servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more to which the authorized user has access. In ArcGIS Maps SDKs, the AuthenticationManager and IdentityManager classes automatically use a token credential to securely access resources, requiring no additional actions from you.

Non-ArcGIS APIs

It is possible to implement ArcGIS user authentication with non-ArcGIS APIs, however you remain responsible to obtain, manage, and secure user credentials as a part of your application. For this method, you must implement the appropriate authentication flow for your application. The following OAuth 2.0 flows are recommended:

Product and account requirements

User authentication is available with ArcGIS Location PlatformArcGIS Location Platform, formerly known as ArcGIS Platform, is a Platform as a Service (PaaS) product that gives developers access to location services, APIs, and tools to build mapping and spatial analysis applications. It is subscription-based and requires an ArcGIS Location Platform account.Learn more, ArcGIS OnlineArcGIS Online is a GIS mapping, analytics, data hosting, and content management software as a service (SaaS) product. It includes applications, tools, APIs, and location services for users and developers. It is subscription-based and requires an ArcGIS Online account.Learn more, and ArcGIS EnterpriseArcGIS Enterprise is a GIS mapping, analytics, data hosting, and content management product that can be hosted on-premise or in a cloud infrastructure. It includes software, applications, tools, APIs, and services for users and developers.Learn more. If you have ArcGIS Online or ArcGIS Enterprise, your account must have a user type of Creator or higher.

Tutorials

Create OAuth credentials for user authentication

Create and configure OAuth credentials to set up user authentication.

ArcGIS portal

Sign in with user authentication

Create an application that requires users to sign in with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.

JavaScript Maps SDK .NET Maps SDK Kotlin Maps SDK Swift Maps SDK Java Maps SDK Qt Maps SDK REST JS (Server)REST JS (Browser)

Service support

The following table provides an overview of the functionality available with each type of authentication:

	API key authentication	User authentication	App authentication
ArcGIS Location Services	¹	¹	¹
Data services (Item access)	²
Spatial analysis services	¹		¹
Portal service (General privileges)
Portal service (Admin privileges)

Full supportPartial supportNo support

1. Supported with ArcGIS Online and ArcGIS Location Platform.
2. Supported, but not recommended due to security risks.

API support

	User authentication
ArcGIS Maps SDK for JavaScript
ArcGIS Maps SDK for .NET
ArcGIS Maps SDK for Kotlin
ArcGIS Maps SDK for Swift
ArcGIS Maps SDK for Flutter
ArcGIS Maps SDK for Java
ArcGIS Maps SDK for Qt
ArcGIS API for Python
ArcGIS REST JS
Leaflet	¹
MapLibre GL JS	¹
OpenLayers	¹
CesiumJS	¹

Full supportPartial supportNo support

1. Supported via ArcGIS REST JS