Skip to content

Portal security

Most ArcGIS portals contain a considerable amount of content that is not public, but is instead secured and shared with the entire organization or specific groups. To access this secured content, users must authenticate with the portal.

The portal object will have access to all the secure content for which the user has access privileges and can be used to find out more information about the user, such as the user's full name (instead of the account user name). Additionally, information about the organization such as the name, banner image, description, and so on, can be read. Apps often make use of this information when a user connects to a specific portal, to show the user organization branding and context.

Typically, the portal object with the authenticated user is cached and used throughout the app session, to provide the app with a view of a portal that is centered around a single user. When the app is restarted, the credential must be reinstated, or the user must repeat the authentication process.

Access tokens

Accessing secured content requires an access token. The most common access tokens in ArcGIS are OAuth 2.0 tokens and API keys. For information on authentication in ArcGIS Maps SDK for Qt, see Security and Authentication in this guide. For steps to obtain user authentication or API key credentials, see Create developer credentials.

Accessing secured content in ArcGIS Online requires that you authenticate with the portal. You can do this by creating a Portal instance, passing true for the loginRequired parameter. Then your app must apply the access token.

The workflow for accessing secured content is as follows:

  1. Apply the access token in your app code.
  2. Create a Portal instance, passing true for the loginRequired parameter.

Access using OAuth

When accessing secured content using OAuth 2.0 credentials, the user's ArcGIS account must be of the correct user type and have the necessary privileges.

The code is the same whether connecting to ArcGIS Online or ArcGIS Enterprise. The only difference is the URL. For information on accessing ArcGIS Enterprise, see the Getting started using ArcGIS Enterprise.

Access using an API key

An API key must have the required privileges for the content being accessed. You can apply the key to the ArcGISRuntimeEnvironment class so it's available across the entire application. For information on using API Keys in your app, see Security and authentication in this guide.

For an example of API key use in an app, see any of the ArcGIS Maps SDK for Qt tutorials, such as Display a map.

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.