By default, ArcGIS Enterprise enforces HTTPS for all communication. HTTPS-only protocol ensures that sensitive data—names, passwords, and other confidential information—remains secure during communication with external web content such as ArcGIS Server services and Open Geospatial Consortium (OGC) services. If HTTPS from these external sources is unavailable, the content will be blocked.
While it is strongly recommended that you continue to require HTTPS protocol for your organization, there may be times you want to allow both HTTP and HTTPS forms of communication. Following the steps below will allow you to adjust your security protocols to fit the needs of your organization.
For security best practices, it is recommended that you enforce HTTPS communication for both Portal for ArcGIS and the web server hosting ArcGIS Web Adaptor. For more information, see Enable HTTPS on your web server.
- Sign in to the portal website as an administrator of your organization. Click Organization and click the Settings tab.
- Click Security on the left side of the page.
- ArcGIS Enterprise enforces HTTPS communication by default. To allow both HTTP and HTTPS communication in your organization, uncheck the Allow access to the portal through HTTPS only check box. If you have previously unchecked this box, rechecking it will once again enforce HTTPS-only communication for your portal.
- Click Save to apply your change.