Bentley Infrastructure Cloud - ArcGIS Identity (OAuth2)

ArcGIS Identity (OAuth2) authentication protocol has been implemented in the Map Layers widget API.

We support both ESRI portals, ArcGIS Online and ArcGIS Enterprise.

ArcGIS Online works out of the box, no configuration is required from the client. If your data is stored in ArcGIS Online, please jump directly to the next section "Attach a Secure ArcGIS layer" which you will find later in this page.

ArcGIS Enterprise requires few steps for the Map layers widget to communicate with ArcGIS Enterprise. Follow the steps below to successfully attach your secure data.

These steps must be done by the ESRI Administrator.

ArcGIS Enterprise Portal Configuration

This section of the documentation is intended for the users whose GIS data is stored in ESRI ArcGIS Enterprise and secured with the ArcGIS Identity.

For the Map Layers widget to communicate with ESRI ArcGIS Enterprise using the ArcGIS Identity protocol, an application must be created and registered in ArcGIS Enterprise. By following these steps, the user will be able to access his GIS data securely.

1. Log in to the ArcGIS Enterprise portal using your administrator credentials.

2. From the top menu bar, click Content, and then click My Content tab and click on the "New item".

3. In the New item section, select Application.

4. In the New item panel, select "Other application" option and click Next.

5. In the Title field, enter a descriptive name that will help you quickly identify the Bentley application that will use this new generated app. The title in the screen capture below is there as an example. Leave other fields as default and click Save.

6. On the application overview page, click on the Settings tab.

7. Scroll to the bottom of the page and Click on Registered Info.

8. Copy the App ID to the clipboard or in any text editor. It will be used in a subsequent step.

In the same page, go to the Redirect URLs section, click on Add and paste this URL:

https://review.itwin.bentley.com/esri-oauth2-callback

Click Save.

9. In your browser, log in to the ArcGIS portal administrator page. For example, https://your_portal_server_name/portal/portaladmin/

10. Click on Security >OAuth > Change AppID.

11. In the Current App ID field paste the AppID you copied in step 8.

12. In the new App ID field type the alias name indicated by Bentley:

Bentley_iMV

13. Select HTML in the Format dropdown.

14. Click Change App ID.

From that point, users who have secured ArcGIS data will be able to attach it in the Map Layers widget.

Attach a Secure ArcGIS layer

When an ArcGIS Map Service or Feature Service layer secured with the ArcGIS Identity is added or is selected in the list, the user is automatically redirected to the ESRI Login Page to enter his credentials.

Once the credentials are entered successfully, the layer is displayed.

If the external login process failed, the layer will not be attached and a message be displayed, allowing the user to retry.

The subsequent layers pointing to the same server attached within the same session will not require authentication again. The user will have to authenticate again only if the browser is closed or when the delivered token expires within a session.