ArcGIS and SQL Server authentication

When you connect from an ArcGIS application to a database or enterprise geodatabase in Microsoft SQL Server, you choose the type of authentication method to use for the connection.

Operating system (OS) authentication is a method for identifying a connection with credentials supplied by the OS of the connecting computer. OS-authenticated logins are the default and, therefore, recommended type of logins for SQL Server databases.

Database logins are accounts created in the database management system. These accounts are separate from the login account you use to connect to the OS.

OS authentication offers advantages over database authentication in SQL Server. These advantages are as follows:

  • OS authentication is generally more secure in SQL Server databases than database authentication, since it uses a certificate-based security mechanism.
  • When using domain accounts, management of passwords and accounts is centralized. The domain administrator manages all logins that are used throughout the organization, and the database administrator does not need to manage separate accounts.
  • When you connect to the database from ArcGIS, you are not required to enter a user name and password. A single sign-on at login provides access to all services that support OS authentication.

The last advantage listed above may be considered a disadvantage depending on your situation. When connecting from ArcGIS applications using OS authentication, you cannot connect to the database as a user different from your present login. In the case of web services running on an ArcGIS Server site, the present login is the ArcGIS Server account. To allow the ArcGIS Server site to access the data in the web service, you must add the ArcGIS Server account login to the SQL Server and your database, and grant the ArcGIS Server account privileges to the data. If you use database authentication when you publish web services, ArcGIS Server uses the same credentials to access the data that you used when you created your map and published the service.