ArcGIS Enterprise uses an identity-based security model. Any content such as layers, services, maps, and apps is secured through groups in the ArcGIS Enterprise portal. These groups are created in the portal; you can add users manually to these groups, or you can link them to groups from your organization’s identity store, such as an Active Directory-based, LDAP-based, or SAML-based identity provider.
For an individual to access content secured in a group, they must be a member of your organization and have an identity in your ArcGIS Enterprise portal. When you create an identity for a user in your portal, you assign them a role. This role defines a specific set of privileges for the user. For example, you can define the type of information a user can search, edit, or create. To learn more about the type of privileges you can grant members of your organization, see Levels, roles, and privileges. You can also allow anonymous access to public content in your ArcGIS Enterprise portal.
When you federate an ArcGIS Server site with your portal, the ArcGIS Enterprise security model takes over. Any content that already resides on your ArcGIS Server site will automatically be owned by the portal’s initial administrator account. To enable access, you need to share the items to the appropriate group or groups in your portal. This step only applies if you are federating an ArcGIS Server site that already contains some content. It does not apply to new server deployments.