Federating an ArcGIS Server site with your portal integrates the security and sharing models of your portal with one or more ArcGIS Server sites. Federation is optional unless you want to do the following:
- Configure your site with a Security Assertion Markup Language (SAML) identity provider.
- Host tile layers, feature layers, and scene layers published by members of the portal.
- Allow members of the portal to perform spatial analysis in Map Viewer Classic.
When you add a server to your portal, you are federating the server with the portal. A server that has been added to your portal is known as a federated server.
The elements of your ArcGIS Enterprise base deployment, including the hosting server, must all be at the same version as your portal. All ArcGIS GeoEvent Server sites, GeoAnalytics Server sites, and ArcGIS Image Server raster analytics sites must also match the portal's version.
However, some ArcGIS Server sites at version 10.5 or later can be federated with a portal of a more recent version. This applies to additional ArcGIS GIS Server sites beyond the hosting server, and to any ArcGIS Image Server not designated for raster analytics. No ArcGIS Server site can be federated with a portal from an earlier version than its own.
To federate successfully, the ArcGIS Server site must have direct network access to your portal over port 7443. A forward proxy cannot be configured to manage or direct network traffic between the server and portal.
When you federate a server with your portal, the portal's security store controls all access to the server. This provides a convenient sign-in experience but also impacts how you access and administer the federated server. For example, when you federate, any users, roles, and permissions that you previously configured on ArcGIS Server services are no longer valid. Access to services is instead determined by portal members, roles, and sharing permissions. Before federating, review the information in Administer a federated server to learn more about how federating will impact your existing site.
Services that exist on the ArcGIS Server site at the time of federation are automatically added to the portal as items. These items are owned by the portal administrator who performs federation. After federation, the portal administrator can reassign ownership of these items to existing portal members as desired. Any subsequent items you publish to the federated server are automatically added as items on the portal and are owned by the user who publishes them.
After federating, you can optionally designate a single server site to be the portal's hosting server. See the table in Integrate your portal with ArcGIS Server for a list of functionality available when your portal has a hosting server. See Configure a hosting server for instructions on designating one of your federated servers as the portal's hosting server.
Starting at 10.6.1, the managed database for the portal's hosting server must be a relational ArcGIS Data Store. You can continue to federate servers that use an enterprise geodatabase as their managed database; however, they cannot be set as the portal's hosting server.
Federating with a server that uses web-tier authentication (IWA, PKI client-certificate authentication, and so on) is supported. The only requirement for this process is that the administration URL must not use web-tier authentication. Normally this is accomplished by specifying the URL over port 6443, for example https://gisserver.domain.com:6443/arcgis. During federation, a warning message may be returned, indicating that the services URL cannot be validated. This is expected when the services URL uses web-tier authentication.
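A preflight check for the two connectivity conditions described above (direct access to the portal over port 7443, and an administration URL that does not use web-tier authentication), as an added example that is not Esri's code. It assumes Python 3 run on the ArcGIS Server machine; the function names, result labels, the portal host name and the probe path `/rest/info?f=json` under the administration URL are choices made for this example.

```python
import socket
import urllib.error
import urllib.request

# Challenge schemes a web tier (IIS, reverse proxy) typically sends.
WEB_TIER_SCHEMES = {"negotiate", "ntlm", "basic", "digest"}


def classify_admin_response(status, www_authenticate):
    """Classify an unauthenticated response from the candidate administration URL.
    www_authenticate: list of WWW-Authenticate values; first scheme of each is used."""
    schemes = {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}
    challenged = sorted(schemes & WEB_TIER_SCHEMES)
    if status == 401 and challenged:
        return "web-tier-auth:" + ",".join(challenged)
    if status in (401, 403):
        # No recognised challenge; a PKI client-certificate requirement can look like this.
        return "blocked"
    return "ok" if 200 <= status < 400 else "error"


def probe_admin_url(admin_url, path="/rest/info?f=json", timeout=5):
    """Request a resource under admin_url without credentials and classify it.
    The default path is an assumption of this example."""
    url = admin_url.rstrip("/") + path
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            challenges = resp.headers.get_all("WWW-Authenticate") or []
            return classify_admin_response(resp.status, challenges)
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        challenges = err.headers.get_all("WWW-Authenticate") or []
        return classify_admin_response(err.code, challenges)
    except OSError as err:  # DNS, refused connection, TLS validation, timeout
        return "unreachable: %s" % err


def portal_port_reachable(portal_host, port=7443, timeout=5):
    """Direct TCP connect; a raw socket ignores HTTP proxy settings, so True
    means a direct path to the portal exists, not a route through a forward proxy."""
    try:
        with socket.create_connection((portal_host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    print(probe_admin_url("https://gisserver.domain.com:6443/arcgis"))
    print(portal_port_reachable("portal.domain.com"))
```

A result beginning with `web-tier-auth:` means the URL being tested is challenged by the web tier and should not be supplied as the administration URL; `blocked` deserves a manual look because a client-certificate requirement is enforced below the HTTP layer.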
Learn more about configuring server sites with your portal.
Once your server is federated with the portal, you'll use a URL such as https://gisserver.domain.com:6443/arcgis/manager to sign in to ArcGIS Server Manager. If the site includes multiple ArcGIS Server machines, this will be the URL of the machine you specified for the Administration URL setting. You'll be required to supply the name and password of a portal account. There are various other differences you'll encounter when working with a federated server that you can read about in Administer a federated server.
After federating your server with the portal, you may also want to do the following:
- Configure one of your federated servers as a hosting server—This allows your portal users to publish hosted layers to the portal. They can do this from the portal website, the My Hosted Services node in the Catalog tree in ArcMap, or ArcGIS Pro.
  When you specify a hosting server for your portal, the hosting server's print service is automatically configured with the portal. You'll only need to start and share the print service to use it in the portal. However, if you've previously configured a print service with your portal, the URL is not updated when specifying a hosting server. You'll need to start the service, share the service, and configure it as a utility service.
- Disable the primary site administrator account—This is not necessary for all sites, but it can provide an extra measure of security by forcing all users to use portal accounts and tokens.