With each new release from ESRI, controlling the level of security for ArcGIS Online within your organization is becoming quite a bit easier for administrators.
With the most recent release of ArcGIS Online, administrators are better able to match their desired security policy. This is great news, as it is important to improve security while still giving organizations more freedom and flexibility.
Taking Control of Your Password Policy
With the latest ArcGIS Online release, you can directly control the password strength required to log in to the organization. Administrators can now require that passwords contain any combination of numbers, letters, lowercase letters, uppercase letters, and special characters, and can set the minimum number of characters in the password.
Additionally, there are options to control how often passwords will expire, as well as the reusability of passwords over a given length of password history.
To access your organization's ArcGIS Online password policy, click on the My Organization section and then find Edit Settings.
Once you do that you should find yourself looking at a webpage similar to the one below. Now you can find Update Password Policy in the Security tab.
With these new changes, ArcGIS Online password requirements can closely match your organization’s password policy. Administrators who want to keep things simple can skip these options and stick with the organization's default password security for ArcGIS Online.
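To make the policy options above concrete, here is an added example (not ESRI's code and not part of the original article) that checks a proposed password against composition, minimum-length, history and expiry rules. The field names, the sample passwords and the use of salted PBKDF2 records for the password history are assumptions made for illustration.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Policy:  # hypothetical field names, one per option the article lists
    min_length: int = 8
    require_letter: bool = False
    require_lower: bool = False
    require_upper: bool = False
    require_digit: bool = False
    require_special: bool = False
    max_age_days: int = 0  # 0 means passwords never expire
    history_size: int = 0  # previous passwords that may not be reused

def hash_password(password, salt=None, rounds=100_000):
    """Return (salt, digest); the history stores these, never plaintext."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def violations(policy, candidate, history=()):
    """Return every rule that a proposed new password breaks."""
    has = lambda pred: any(pred(c) for c in candidate)
    rules = [
        (True, len(candidate) >= policy.min_length, "too short"),
        (policy.require_letter, has(str.isalpha), "no letter"),
        (policy.require_lower, has(str.islower), "no lowercase letter"),
        (policy.require_upper, has(str.isupper), "no uppercase letter"),
        (policy.require_digit, has(str.isdigit), "no number"),
        (policy.require_special, has(lambda c: c in string.punctuation), "no special character"),
    ]
    found = [msg for required, ok, msg in rules if required and not ok]
    # Every record has its own salt, so re-hash the candidate once per record.
    recent = list(history)[-policy.history_size:] if policy.history_size else []
    if any(hmac.compare_digest(hash_password(candidate, salt)[1], digest)
           for salt, digest in recent):
        found.append("reused")
    return found

def is_expired(policy, changed, now):
    limit = timedelta(days=policy.max_age_days)
    return bool(limit) and now - changed > limit

# Constructed sample data: a policy and a two-entry password history.
POLICY = Policy(min_length=10, require_upper=True, require_digit=True,
                require_special=True, max_age_days=90, history_size=2)
HISTORY = [hash_password("Winter#2014x"), hash_password("Spring#2015x")]

if __name__ == "__main__":
    print(violations(POLICY, "Spring#2015x", HISTORY))
```

Because only the most recent `history_size` records are compared, a password older than that window becomes usable again, which is the trade-off the history length setting controls.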
How About Some More Security?
If the improvements described above aren’t quite enough for your organization, then there is another layer of security that is available. The next layer of security that ArcGIS Online offers now is multifactor authentication.
This authentication requires users to enter a security code from a mobile device as well as their password. Many companies now offer this feature or require their users to use it because of the additional security it offers.
To enable multifactor authentication for your organization, select the "Allow members to choose whether to set up multifactor authentication for their individual accounts" checkbox.
Since this layer of authentication also applies to administrators, there needs to be a foolproof solution in place.
What would happen if an administrator were to lose the mobile device that provides the required authentication code? ArcGIS Online handles this by requiring at least two designated administrators to be in place for multifactor authentication.
This makes sure that situations like this, and probably many other similar situations, are taken care of. Designated administrators are responsible for multifactor authentication within their organization. This includes receiving emails when there are authentication issues within the organization.
Emails can serve as a good precautionary solution for observing attempted security breaches or to simply identify users that are in need of some assistance.
Why is Multifactor Authentication Useful for Security?
You have probably heard the phrase that “everything is better in pairs.” While there are many things that I would be absolutely terrified of coming across in pairs, security authentication is not one of them. Multifactor authentication, such as the one that ESRI offers, is designed to eliminate many of the weaknesses of a single, static password.
One such weakness is password cracking, the attempt to correctly guess a user’s password. Nowadays there are password-cracking systems that can produce up to 350 billion passwords per second.
This type of attack could be pretty lethal if someone were to get a hold of your login name as well as your hashed password that is stored in a database. Multifactor authentication provides a higher level of security against this and several other situations as it often (if not always) provides an entirely separate database and also generates one-time passwords.
Interested in finding out more about multifactor authentication?
http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA
A short well-known comic relating to security
Based on this article
http://blogs.esri.com/esri/arcgis/2015/03/23/strengthen-organization-security/
What do you think?