ArcGIS Pro supports configuring authentication connections with external authentication providers. If your organization manages user identities with an authentication provider, such as Microsoft Azure Active Directory (AD), you can add an authentication connection to establish a relationship between the provider and ArcGIS Pro.
Authentication connections are OAuth 2.0 based. When you sign in to a connection, you are redirected to the provider's login page, where you can provide your credentials and authorize ArcGIS Pro to access resources on your behalf. Once signed in, you can use the authentication connection in various parts of the application, such as when connecting to cloud stores.
The following three sections represent the three steps to connect ArcGIS Pro to an authentication provider.
ArcGIS Pro only supports Microsoft Azure AD as an authentication provider.
Register ArcGIS Pro with the authentication provider
An IT administrator typically performs the following steps to register ArcGIS Pro with the authentication provider:
- Register ArcGIS Pro with the authentication provider.
- Retrieve the application (client) ID generated for ArcGIS Pro.
- Provide the redirect URI as arcgis-pro://auth.
Register ArcGIS Pro with Microsoft Azure Active Directory
The following prerequisites must be met to register an application with Azure AD:
- Your Azure account must have an active subscription with permission to manage applications in Azure AD.
- You must have a Microsoft Azure AD tenant.
For more information, see Quickstart: Register an application with the Microsoft identity platform in the Microsoft documentation.
To register ArcGIS Pro with Microsoft Azure Active Directory, complete the following steps:
- Register a new application with the following settings:
  - In the Name box, enter ArcGIS Pro.
  - For supported account types, choose Single tenant.
  - For Redirect URI, choose Mobile and desktop applications as the platform and enter the URI: arcgis-pro://auth.
- Enable and grant admin consent for the following API permissions:
  - Azure Storage > user_impersonation
  - Microsoft Graph > User.Read (This is enabled by default.)
- Optionally, in Token Configuration, add the optional claim login_hint to the ID token.
  This is recommended for a more streamlined user experience when signing out of a connection.
- When registration is complete, note the Application (client) ID, which uniquely identifies ArcGIS Pro in the Microsoft identity platform. You will use this later when adding authentication connections in ArcGIS Pro.
- Note the Microsoft Azure AD domain name. You will use this later when adding authentication connections in ArcGIS Pro.
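The following is an added example, not part of the Esri or Microsoft documentation: a Python check an administrator could run over the registration's application object (the JSON that Microsoft Graph or `az ad app show` returns) to confirm it matches the settings listed above. The field names follow the Microsoft Graph application resource, the resource and scope GUIDs are assumed well-known values, and the sample objects are constructed.

```python
# Assumed well-known Microsoft resource/scope GUIDs; confirm in your tenant.
GRAPH, USER_READ = ("00000003-0000-0000-c000-000000000000",
                    "e1fe6dd8-ba31-4d61-89e7-88639da4683d")
STORAGE, USER_IMPERSONATION = ("e406a681-f3d4-42a8-90b6-c2b029497af1",
                               "03e0da56-190b-40ad-a80c-ea378c433f7f")
REDIRECT_URI = "arcgis-pro://auth"
REQUIRED = {"Azure Storage > user_impersonation": (STORAGE, USER_IMPERSONATION),
            "Microsoft Graph > User.Read": (GRAPH, USER_READ)}


def audit_registration(app):
    """Return deviations from the registration settings listed on this page."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # Single tenant
        findings.append("account type is not Single tenant")
    uris = (app.get("publicClient") or {}).get("redirectUris") or []
    if REDIRECT_URI not in uris:
        findings.append("redirect URI missing on Mobile and desktop platform")
    # requiredResourceAccess lists *requested* delegated scopes only; admin
    # consent is recorded separately and is not visible in this object.
    requested = {(r.get("resourceAppId"), a.get("id"))
                 for r in app.get("requiredResourceAccess") or []
                 for a in r.get("resourceAccess") or []
                 if a.get("type") == "Scope"}
    for name, key in REQUIRED.items():
        if key not in requested:
            findings.append("permission not requested: " + name)
    claims = (app.get("optionalClaims") or {}).get("idToken") or []
    if not any(c.get("name") == "login_hint" for c in claims):
        findings.append("optional claim login_hint absent (recommended only)")
    return findings


def _access(resource, scope):
    return {"resourceAppId": resource,
            "resourceAccess": [{"id": scope, "type": "Scope"}]}

# Constructed sample objects (not taken from a real tenant).
GOOD = {"displayName": "ArcGIS Pro", "signInAudience": "AzureADMyOrg",
        "publicClient": {"redirectUris": [REDIRECT_URI]},
        "requiredResourceAccess": [_access(STORAGE, USER_IMPERSONATION),
                                   _access(GRAPH, USER_READ)],
        "optionalClaims": {"idToken": [{"name": "login_hint"}]}}
BAD = {"displayName": "ArcGIS Pro", "signInAudience": "AzureADMultipleOrgs",
       "web": {"redirectUris": [REDIRECT_URI]},  # wrong platform
       "requiredResourceAccess": [_access(GRAPH, USER_READ)]}

if __name__ == "__main__":
    for label, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_registration(app) or "matches the listed settings")
```

An empty list means the object matches the listed settings; whether admin consent was actually granted still has to be confirmed in the portal.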
Add an authentication connection
To add an authentication connection, complete the following steps:
- Open the ArcGIS Pro settings page in one of the following ways:
  - From an open project, click the Project tab on the ribbon.
  - From the start page, click the Settings tab.
- In the list of side tabs, click Options.
- On the Options dialog box, under Application, click Authentication.
- Click Add Connection.
- On the Add Connection dialog box, type a name for the connection.
  Note: Connection names are limited to 50 characters and cannot be changed after the connection is added.
- Click the Type drop-down arrow and choose the connection type.
  Only Microsoft Azure AD is a supported provider.
- Provide the connection properties and click OK.
Sign in to an authentication connection
To sign in to an authentication connection, complete the following steps:
- Click the Options button or right-click the connection and click Sign in.
  You are redirected to a browser.
- Provide the credentials associated with your account and click Next.
- Click Continue when prompted.
  If the login is successful, a prompt to open ArcGIS Pro appears.
Manage authentication connections
To manage an authentication connection, click the Options button or right-click the connection to do the following:
- Click Refresh to update the status of the connection. Alternatively, click Refresh All to update the status of all the connections.
- Click Sign out to sign out of a connection.
- Click Edit to edit the properties of the connection, except the connection name.
  When you finish editing the connection, click OK to save the changes. You will need to sign in again.
- Click Remove to remove a connection.
Administer authentication connections
System administrators who manage application settings may set default authentication connections in your ArcGIS Pro deployment. An administrator can lock connections to prevent them from being changed. A message appears on the Options dialog box if there are connections managed by an administrator.