Security is a pillar of a well-architected ArcGIS system. When you first install Portal for ArcGIS and configure the ArcGIS Web Adaptor, the following default security settings are only sufficient for testing and development:
- The URL to the portal is only known to the administrator who set up the ArcGIS Enterprise deployment.
- Portal for ArcGIS initially has only one account, the initial administrator account you specified when you first logged in to the portal website. This is not an operating system account; it's an account that is used only for logging in to the portal.
- Administrator credentials are secured using HTTPS through the web server hosting the Web Adaptor.
- All administration operations are initially secure and can only be performed by the administrator account.
In a production environment, you will want to configure your portal's security further. The topics in this section describe how to do the following:
- Limit who can access your portal and use items and services
- Control who can administer the portal and publish items and services
- Encrypt communication with your portal
Getting started
To learn more about how to secure your portal, see About configuring portal authentication to get started.
To reduce the vulnerability of your portal, you should follow best practices such as disabling anonymous access to the portal. Some of these recommendations are outlined in Security best practices.