ArcGIS Enterprise uses an identity-based security model. Any content such as layers, services, maps, and apps are secured through groups within the ArcGIS Enterprise portal. These groups are created in the portal; you can add users manually to these groups, or you can link them to enterprise groups from your organization’s identity store, such as Active Directory-based, LDAP-based, or (new at 10.6) SAML-based identity provider.
For an individual to access content secured in a group, they must be a member of your organization and have an identity within your ArcGIS Enterprise portal. When you create an identity for a user within your portal, you assign them a role. This role defines a specific set of privileges for the user. For example, you can define the type of information a user can search, edit, or create. To learn more about the type of privileges you can grant members of your organization, see Levels, roles, and privileges. You can also allow anonymous access to public content in your ArcGIS Enterprise portal.
Keep in mind that when you federate an ArcGIS Server site with your portal, the ArcGIS Enterprise security model takes over. Any content that already resides on your ArcGIS Server site will automatically be owned by the portal’s initial administrator account. To enable access, you need to share the items to the appropriate group or groups in your portal. This step only applies if you are federating an ArcGIS Server site that already contains some content, and would not apply to new server deployments.