Update Security Configuration


This operation can be used to update the portal's security settings, such as whether or not enterprise accounts are automatically registered as members of your ArcGIS organization the first time they access the portal.

The security configuration is stored as a collection of properties in a JSON object. The following properties are supported:

  • enableAutomaticAccountCreation
  • disableServicesDirectory
  • defaultRoleForUser (introduced at 10.4)
  • defaultIDPUsernameSuffix (introduced at 10.5.1)
  • allowedProxyHosts (introduced at 10.3)

The automatic account creation flag (enableAutomaticAccountCreation) determines the behavior for unregistered enterprise accounts the first time they access the portal. When the value for this property is set to false, first-time users are not automatically registered as members of your ArcGIS organization, and have the same access privileges as other nonmembers. For these accounts to sign in, an administrator must register the enterprise accounts using the Create User operation.

The default value for the enableAutomaticAccountCreation property is false. When this value is set to true, the portal adds enterprise accounts automatically as members of your ArcGIS organization.


Be aware that when enableAutomaticAccountCreation is set to true, enterprise accounts are added as members of your organization not only when the user browses to your portal web site, but also when they view embedded web maps from your portal, or view a web map or web application from a link. This could result in a rapid increase in the number of accounts in your portal.

The disableServicesDirectory property controls whether the HTML pages of the services directory should be accessible to the users. The default value for this property is false, meaning the services directory HTML pages are accessible to everyone.

Use the defaultRoleForUser property to set which role the portal automatically assigns to new member accounts. By default, new accounts are assigned to account_user. Other possible values are account_publisher or the ID of one of the custom roles defined in the ArcGIS organization. To obtain the ID of a custom role:

  1. Log in to the portal sharing directory.
  2. Go to Portals > Self > Roles.
  3. Copy the custom role ID you want to use.

The defaultIDPUsernameSuffix property appends an underscore and the specified suffix to new enterprise accounts that will log in via SAML.

For example, if the defaultIDPUsernameSuffix property is specified as 'energy', the enterprise usernames created for SAML logins will append _energy to the username. See examples below.

  • rsanchez username becomes rsanchez_energy
  • rsanchez with an email address used as a username becomes rsanchez@domain.com_energy

This applies to accounts created automatically and accounts created manually through the portal website. This will allow usernames for enterprise users in your portal to match enterprise usernames in ArcGIS Online. This is needed if editor tracking is enabled on a feature service that is edited by enterprise users from both ArcGIS Online and your portal.

The allowedProxyHosts property restricts what hosts the portal can access directly. This restriction applies to several scenarios, including when the portal accesses resources from a server that does not support Cross Origin Resource Sharing (CORS) or when saving credentials used to access a secure service. By default, this property is not defined and no restrictions are applied. Define the allowedProxyHosts with a comma-separated list of hostnames to restrict the hosts the portal can access directly. Use the format (.*).domain.com to allow access to all machines within a specified domain.

The webgisServerTrustKey is automatically generated during the federation process and used for communication with federated ArcGIS Server(s). This key should not be modified.

Request Parameters


securityConfig: The JSON object containing the properties listed above.

Example Usage

securityConfig={"disableServicesDirectory": false, "enableAutomaticAccountCreation": true, "defaultRoleForUser": "12aBC3D4EF5ghIJ", "webgisServerTrustKey": "xxx..."}
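The following Python helper is an added example, not Esri's code or part of the original page. It builds the securityConfig form parameter from an already retrieved configuration, refuses to alter webgisServerTrustKey, and reports the exposure-related settings described above. It assumes the full object is sent back on each update; build_security_config and SAMPLE_CURRENT are hypothetical names, and the trust key value is a placeholder.

```python
import json
from urllib.parse import urlencode

BOOL_PROPS = {"enableAutomaticAccountCreation", "disableServicesDirectory"}
STR_PROPS = {"defaultRoleForUser", "defaultIDPUsernameSuffix", "allowedProxyHosts"}
PROTECTED = "webgisServerTrustKey"  # generated during federation; never edit

# Constructed sample of a current configuration; the key is a placeholder.
SAMPLE_CURRENT = {
    "enableAutomaticAccountCreation": True,
    "disableServicesDirectory": False,
    "defaultRoleForUser": "account_user",
    "webgisServerTrustKey": "PLACEHOLDER-TRUST-KEY",
}

def build_security_config(current, changes):
    """Return (form_body, warnings) for a securityConfig update."""
    for key, value in changes.items():
        if key == PROTECTED:
            if value != current.get(PROTECTED):
                raise ValueError(f"{PROTECTED} must not be modified")
        elif key in BOOL_PROPS:
            if not isinstance(value, bool):
                raise TypeError(f"{key} must be true or false, got {value!r}")
        elif key in STR_PROPS:
            if not isinstance(value, str) or not value.strip():
                raise TypeError(f"{key} must be a non-empty string")
        else:
            raise KeyError(f"unsupported property: {key}")
    # Assumption: the whole object is resent, so untouched keys carry over.
    merged = {**current, **changes}

    warnings = []
    if merged.get("enableAutomaticAccountCreation"):
        warnings.append("enterprise accounts are registered on first access, "
                        "including via embedded or linked web maps")
    if not merged.get("disableServicesDirectory"):
        warnings.append("services directory HTML pages are accessible to everyone")
    hosts = [h.strip() for h in merged.get("allowedProxyHosts", "").split(",")]
    if not any(hosts):
        warnings.append("allowedProxyHosts is undefined: no host restrictions apply")
    elif not all(hosts):
        raise ValueError("allowedProxyHosts contains an empty entry")
    # json.dumps quotes every string value, so a role ID never goes out bare.
    return urlencode({"securityConfig": json.dumps(merged)}), warnings

if __name__ == "__main__":
    body, notes = build_security_config(SAMPLE_CURRENT, {"disableServicesDirectory": True})
    print(body)
    print("\n".join(notes))
```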

JSON Response Syntax

{
  "enableAutomaticAccountCreation": true|false,
  "disableServicesDirectory": true|false,
  "defaultRoleForUser": "account_user"|"account_publisher"|<custom role ID>,
  "defaultLevelForUser": 1|2,
  "webgisServerTrustKey": "xxx..."
}