Securing time-enabled feature layers

Time-enabled feature layers are hosted by PI Integrator for Esri ArcGIS, which creates corresponding items in ArcGIS Online or ArcGIS Enterprise. These items facilitate authentication to the feature layers. To secure these time-enabled feature layers, the Integrator must be aware of the security configuration of the ArcGIS platform to which the layers have been published. You use the useiwamode configuration parameter to define the security mechanism for the Integrator.

The useiwamode parameter applies only to authentication for time-enabled feature layers. The information in this section affects only time-enabled layers hosted by the Integrator; feature layers hosted by the ArcGIS platform are not included.

If you use ArcGIS Online or if you use Portal for ArcGIS configured to handle authentication at the portal tier, set useiwamode to 0 to enable a token-based layer security. In this case, no additional user action is required. See useiwamode configuration parameter.

If you use Portal for ArcGIS configured with Integrated Windows Authentication, choose one of the following two configuration options:

• Set useiwamode to 1 and configure Kerberos constrained delegation between the Integrator and Portal for ArcGIS. See Authorization using Kerberos for details about this option.

• Set useiwamode to 2 and configure end user access with the PI Geo Admins or PI Geo Users Windows groups. See Authorization using Windows groups for details about this option.