Skip To Content
ArcGIS Developer

Update Security Configuration


This operation can be used to update the portal's security settings, such as whether or not Enterprise accounts are automatically registered as members of your organization the first time they access your Enterprise portal.

The security configuration is stored as a collection of properties in a JSON object. The following properties are supported:

  • allowedProxyHosts (introduced at 10.3)
  • enableAutomaticAccountCreation
  • disableServicesDirectory
  • defaultIDPUsernameSuffix (introduced at 10.5.1)

The webgisServerTrustKey is automatically generated during the federation process and used for communication with a federated ArcGIS Server. This key should not be modified.

Request parameters


The JSON object containing the properties listed below.


The response format. The default response value is html.

Values: html | json | pjson

securityConfig properties


This property restricts what hosts Enterprise portal can access directly. This restriction applies to several scenarios, including when the Enterprise portal accesses resources from a server that does not support Cross Origin Resources Sharing (CORS) or when saving credentials used to access a secure service. By default, this property is not defined and no restrictions are applied. Use the format (.*) to allow access to all machines within a specified domain.

Syntax: A comma-separated list of host names.


The automatic account creation flag. This determines the behavior for unregistered ArcGIS Enterprise accounts the first time they access Enterprise portal. The default value for the property is false. When set to false, first-time users are not automatically registered as members of your ArcGIS organization and must have the same access privileges as other nonmembers. For these accounts to sign in, an administrator must register the Enterprise accounts using the Create User operation. When the value is set to true, Enterprise portal will add Enterprise accounts automatically as a member of your organization.

Values: true | false


This property has been deprecated as of 10.7 with the changes to user type licensing. You can set a default user type for new users using the defaultUserTypeIdForUser property below. For more information on user types, see User types, roles, and privileges.

Introduced at 10.5, this property sets the level Enterprise portal automatically assigns to new accounts. Level 1 membership allows members to view content, such as maps and apps, that have been shared with them through the organization. Level 2 membership allows members to view, create, and share content.

Values: 1 | 2


This property controls whether the HTML pages of the services directory should be accessible to the users. The default value for this property is false, meaning the services directory HTML pages are accessible to everyone.

Values: true | false


At 10.8, the default user role is no longer set through the Portal Administration API. The default role for new members can now be set from the New Member Defaults tab in the Organization Settings of Enterprise portal or through the Set User Default Settings operation in the Portal Services (Sharing) API.

Introduced at 10.4, this property sets which role Enterprise portal automatically assigns to new accounts. By default, new accounts are assigned to account_user. Other possible values are account_publisher or the ID of one of the custom roles defined in your organization. To obtain a custom role ID, sign in to the Enterprise portal sharing directory and browse to Portals > Self > Roles where you can copy the custom role ID you want to use.

Values: account_user | account_publisher | <custom role ID>


This property appends an underscore and specified suffix to new Enterprise accounts that will sign in via SAML. This applies to accounts created automatically and manually through Enterprise portal. This allows ArcGIS Enterprise user names in Enterprise portal to match corresponding Enterprise portal user names in ArcGIS Online. This is needed if editor tracking is enabled on a feature service that is edited by Enterprise portal users from both ArcGIS Online and ArcGIS Enterprise.

For example, if the defaultIDPUsernameSuffix property is specified as energy, the Enterprise user names created for SAML logins will append _energy to the user name. See the examples below:

  • The user name rsanchez becomes rsanchez_energy.
  • With an email address used as a user name, rsanchez becomes rsanchez@domain.com_energy.

At 10.8, the default user type is no longer set through the Portal Administration API. The default user type for new members can now be set from the New Member Defaults tab in the Organization Settings of Enterprise portal or through the Set User Default Settings operation in the Portal Services (Sharing) API.

Introduced at 10.7, this property sets the default user type assigned to users during account creation and when creating built-in accounts. These user types must be compatible with the defaultRoleForUser that has been specified.

Values: fieldWorkerUT | GISProfessionalStdUT | GISProfessionalBasicUT | GISProfessionalAdvUT | creatorUT | editorUT | insightsAnalystUT


Introduced at 10.9.1. A boolean that controls the value of the "Access-Control-Allow-Private-Network" response header in a CORS pre-flight request to a portal service URL. This was added to support the Private Network Access web specification (CORS-RFC1918), which aims to protect websites accessed over a private network from being able to make internal cross-origin (CORS) requests. The default value is true.

Values: true | false


Be aware that when enableAutomaticAccountCreation is set to true, ArcGIS Enterprise accounts are added as members of your organization not only when users access your Enterprise portal, but also when they view embedded web maps from your Enterprise portal, or view a web map or web application from a link. This could result in a rapid increase in accounts.

Example usage

Below is a sample POST request for update, formatted for readability:

POST /webadaptor/portaladmin/security/config/update HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: []

  "disableServicesDirectory": false,
  "enableAutomaticAccountCreation": false,
  "webgisServerTrustKey": "xxxXxxxxXxxxXxxxxXxxxxXxxXxxxxxxXxXxxXxxxXX="

JSON Response example

  "status": "success",
  "recheckAfterSeconds": 10