Federating an ArcGIS Server site with your portal integrates the security and sharing models of your portal with one or more ArcGIS Server sites. Federation is optional unless you want to do the following:
- Configure your site with a Security Assertion Markup Language (SAML) identity provider.
- Host tile layers, feature layers, and scene layers published by members of the portal.
- Allow members of the portal to perform spatial analysis in Map Viewer Classic.
When you add a server to your portal, you are federating the server with the portal. A server that has been added to your portal is known as a federated server.
To federate successfully, the ArcGIS Server site must have direct network access to your portal over port 7443. A forward proxy cannot be configured to manage or direct network traffic between the server and portal.
When federating a server site with your ArcGIS Enterprise portal, the server version must match the portal version in most cases. It is supported to federate a server site at a prior version when the server site is one of the following:
- An ArcGIS GIS Server site that is not designated as the hosting server site. The hosting server site must match the version of the portal.
- An ArcGIS Image Server site that is not designated as a Raster Analytics site or Image Hosting site. Raster Analytics and Image Hosting sites must match the version of the portal.
Retired software versions are not guaranteed to be compatible with new versions. When federating ArcGIS GIS Server or ArcGIS Image Server sites at prior versions, the version must be supported per the product lifecycle policy to receive technical support.
The Services URL should follow the same rules as the organization's URL. It should be composed of a scheme, host, and single-level context. The Services URL is the URL that clients will use to access services that are published to the federated server site.
When you federate a server with your portal, the portal's security store controls all access to the server. This provides a convenient sign-in experience but also impacts how you access and administer the federated server. For example, when you federate, any users, roles, and permissions that you previously configured on ArcGIS Server services are no longer valid. Access to services is instead determined by portal members, roles, and sharing permissions. Before federating, review the information in Administer a federated server to learn more about how federating will impact your existing site.
Services that exist on the ArcGIS Server site at the time of federation are automatically added to the portal as items. These items are owned by the portal administrator who performs federation. After federation, the portal administrator can reassign ownership of these items to existing portal members as desired. Any subsequent items you publish to the federated server are automatically added as items on the portal and are owned by the user who publishes them.
After federating, you can optionally designate a single server site to be the portal's hosting server. See the table in Integrate your portal with ArcGIS Server for a list of functionality available when your portal has a hosting server. See Configure a hosting server for instructions on designating one of your federated servers as the portal's hosting server.
Federating with a server that uses web-tier authentication (IWA, PKI client-certificate authentication, and so on) is supported. The only requirement for this process is that the administration URL must not use web-tier authentication. Normally this is accomplished by specifying the URL over port 6443, https://gisserver.domain.com:6443/arcgis. During federation, a warning message may be returned, indicating that the services URL cannot be validated. This is expected when the services URL uses web-tier authentication.
Learn more about configuring server sites with your portal.
Once the server site is federated with the organization, you'll use a URL such as https://gisserver.domain.com:6443/arcgis/manager to sign in to ArcGIS Server Manager. If the site includes multiple machines or a web adaptor was used for the Administration URL, users with the correct permissions can access Server Manager over the Administration URL defined during federation. You'll be required to supply the name and password of the portal account. To learn more about differences you'll encounter when working with a federated server, see Administer a federated server.
After federating your server with the portal, you may also want to do the following:
Configure one of your federated servers as a hosting server—This allows your portal users to publish hosted layers to the portal. They can do this from the portal website or ArcGIS Pro.
When you specify a hosting server for your portal, the hosting server's print service is automatically configured with the portal. You'll only need to start and share the print service to use it in the portal. However, if you've previously configured a print service with your portal, the URL is not updated when specifying a hosting server. You'll need to start the service, share the service, and configure it as a utility service.
Disable the primary site administrator account—This is not necessary for all sites, but it can provide an extra measure of security by forcing all users to use portal accounts and tokens.