Skip to main content
Download TeamViewer Download TeamViewer

Feature Service Authentication Methods

Updated

 

[10/5/2025]Logo

 

Introduction

ArcGIS Feature Services can be secured in several ways. To integrate with CoreVision and FieldVision, clients must provide valid authentication so that ITpipes can access their service. This guide outlines the supported authentication methods, what information we need from clients, and how clients can configure and share their services.

Note: ITpipes cannot configure ArcGIS environments for clients. Their GIS/IT team is responsible for setup. ITpipes can verify requirements and assist with testing.

Supported Authentication Methods

1. ArcGIS Username & Password

Clients may provide a standard ArcGIS Online or ArcGIS Enterprise username and password that ITpipes uses to connect to their Feature Service. This is not true “Basic Auth.” Instead, ArcGIS uses the credentials to generate a short-lived token behind the scenes.

  • Client provides: Username and password.
  • How ITpipes uses it: ITpipes submits credentials and receives a token automatically.
  • Limitations: Password changes or user deactivation will break the integration.

2. AppID & Secret (OAuth Client Credentials)

This is the preferred method for long-term integrations. The client’s GIS administrator creates an OAuth application in ArcGIS Online or Enterprise and provides ITpipes with an AppID (Client ID) and Secret.

ITpipes exchanges these values for a temporary token using the ArcGIS token endpoint, then appends the token to the Feature Service URL.

  • Client provides: AppID (Client ID) and Secret.
  • How ITpipes uses it: ITpipes generates a token, e.g.: https://.../FeatureServer?token=XXXXX
  • Advantages: Secure, no password sharing, tokens can be revoked or scoped.

3. Viewer Account

Clients may create a dedicated Viewer account for ITpipes. This account is read-only and intended solely for integration purposes.

  • Client provides: Viewer username and password.
  • How ITpipes uses it: ITpipes logs in with the viewer credentials to obtain tokens.
  • Advantages: Limits access to read-only, isolates integration from staff accounts.

4. Federated (Enterprise Portal / SSO)

If the client’s ArcGIS Enterprise is federated with an identity provider such as Microsoft Entra, Okta, or other SAML/SSO solutions, ITpipes can connect using a viewer account tied to that identity provider.

  • Client provides:
    • Portal URL (e.g., https://clientportal.domain.com/portal)
    • Viewer username
    • Viewer password
  • How ITpipes uses it: ITpipes authenticates through the Portal to generate a token.
  • Notes: Client’s GIS/IT team must ensure the Portal is accessible externally.

Summary

ITpipes supports multiple authentication methods depending on the client’s environment. AppID & Secret (OAuth) is the most secure and recommended option. Viewer accounts or federated logins are acceptable alternatives. Standard username and password logins are supported but should be avoided for long-term use.

Short 'n' Sweet Summary

Four Methods to Authenticate a Feature Service that ITpipes Supports. We strongly recommend oAuth for integrations. (AppID and Secret generated, then provided to ITpipes) Viewer accounts (including federated viewer accounts) are user-level authentication methods, meaning ITpipes logs in as a named user with a username and password. While ArcGIS issues a temporary token behind the scenes, this is not the same as OAuth client-credentials.  ITpipes recommends OAuth with an AppID and Secret, which provides a direct token without relying on user accounts.

  1. ArcGIS Username and Password: Username and Password Prompt when attempting to enter the Feature Service - Short-Lived Token
  2. oAuth: AppID and Secret generate a token for us to append to the Feature Service to view the metadata. Token Required or Invalid URL message when attempting to enter the Feature Service without appending. Client must provide us the AppID and Secret.
  3. Viewer Account: A Viewer account is established for ITpipes, the client will provide us a Viewer Username and Password. This will prompt when we attempt to enter the Feature Service and will unlock with the provided credentials.
  4. Federated: Same as Viewer account, but we will need the client to provide us the Portal URL also. 

www.itpipes.com


 

Related articles

Powered by Zendesk