Tag Archives: ArcGIS Online

Survey123 for ArcGIS: Securing surveys and results

Survey123 for ArcGIS is a complete, form-centric solution for creating, sharing and analyzing surveys. It is used to create smart forms and can be submitted from a web browser or dedicated Survey123 for ArcGIS native app by a defined audience.

Surveys can be designed on the Survey123 website or via the desktop with Survey123 Connect. Once designed, the survey is published, and in this process a survey form and service layers are created in the designer’s portal (ArcGIS Online or ArcGIS Enterprise). The survey form item represents the questions and survey settings, and the survey layers storing the submitted data.

After publishing you can collaborate with other users via the Survey123 website. Collaboration options apply to Submitters and Viewers, giving control on who can submit, what they submit and then also who can view the results. As these collaboration settings are applied in the Survey123 website the settings on the items in portal are updated. In the example below, updating ‘Who can submit to this survey’ to ‘Everyone (Public)’ changed the sharing on the survey form and fieldworker service layer to ‘Everyone (Public)’:

Survey123 Collaboration settings show survey is shared to Everyone (Public)
Survey123 Collaboration settings
The Everyone (Public) settings on the Survey123 website push to the portal item settings
ArcGIS Online item settings: the survey form (questions) and service layer (where the submitted data is stored) are shared to Everyone (Public)

This highlights several things:

  • Survey123 leverages the storage, sharing and security model of the ArcGIS platform
  • You can access the content directly to apply granular settings or use the layers in other maps and web mapping applications
  • The Survey123 platform is reliant on these items. Care needs to be taken not to make sharing or item setting changes that would break the platform’s ability to function.

In general it’s best to configure settings through the Survey123 website, as this will ensure that all items are updated as necessary while retaining platform functionality. A somewhat common mistake is sharing only the ‘form’ via the portal Content screen. This allows users to access the survey form but will fail on submission as they don’t have access to view/edit the associated feature layer. Sharing through the Survey123 website ensured that both items were shared at the appropriate level.

When working with public surveys, greater control is often desired over who can submit and view survey data. If not secured, public survey results containing private or sensitive information could be viewed or manipulated. By configuring the securing options for the underying survey layers that support the survey, you can allow public users to submit surveys without exposing previously collected data. Other stakeholders can be provided access to the data, in part or its entirety, through Feature Layer Views.

Esri recently released two key resources to help you with securing your survey data:

If you’re a Survey123 publisher or organization administrator, you’ll want to take a look at the above two resources to ensure that you understand the level of access to your survey data. It’s important to remember that some surveys intentionally share their results publicly. If you have any additional questions about implementing these best practices, please contact Tech Support.

Additional information:

ArcGIS Online Security Changes – Is Your Organisation Prepared?

Earlier last month Esri published a blog post titled Prepare for Next Major ArcGIS Online Security Advancement Now. I have to admit when I first read it; I didn’t pause for long – thinking it was related to another recent web-security related change by Esri – the switch to TLS 1.2

If your eyes are glazing over already, hang in there. There was more to this post than I first thought, and it’s something you should be thinking about now if you’re administering an ArcGIS Online organisation that has been in place for some time. To be specific, if you created your ArcGIS Online site before September 2018, then you should read on.

What’s going to happen in 2020 is that ArcGIS Online will no longer work with external references to resources that use HTTP in the referring URL. Only HTTPS references will be supported. This is the way the web is moving and Esri is simply following best practice.

If you created your ArcGIS Online organisational after September 2018, then you will have been subject to this restriction from the get-go and won’t have a problem (it has been the default position since that time). If the organisational site is older than that, then there’s a chance you could have these less secure references to resources lurking in your web maps, web scenes and other items. If you do nothing, a bunch of things may stop working at some point in 2020, and you’ll be scurrying to try and fix them in a hurry.

For any of you utilising Story Maps you may have already encountered this. In 2018 the Story Map team implemented HTTPS only compliant web apps. This meant not only did the story map have to be secured with HTTPS but also any referenced site in a story map  also had to be secured in the same fashion. In 2020 ArcGIS Online in its entirety will follow suite. Details on that earlier Story Map change here.

How would you know you’ve got a problem to solve? Esri has created a tool called the ArcGIS Online Security Advisor that will scan all the items in your organisation, looking for the issue. You’ll need to be logged in as an administrator of the organisation to do this. The HTTP Check component of that tool is in Beta right now with new capabilities being added regularly.

It can’t directly fix the issues because a simple replacement of HTTP with HTTPS in the reference may not work  if the target server doesn’t support HTTPS. However, it will give you the feedback you need to go triage each of the problems it flags.

A typical scenario that could impact many users is where a GIS service is coming from an older version of ArcGIS Server and added as an item to an ArcGIS Online organisation. That older ArcGIS Server version would have allowed the specification of just HTTP, or both HTTP and HTTPS when exposing services.

Here’s an example. Way back, I created a web map in my ArcGIS Online organisation that refers to the Australian Coastal Sediment Compartments web service from GeoScience Australia.  The link here is for the HTTPS version (since this is all about best practice), but when I created that map, I used the HTTP version. Both forms are currently supported by the GeoScience Australia GIS Server.

GAMap

The map displays the GA map service on top of the Esri Oceans basemap and works fine. Come 2020; this won’t be the case. If I use the beta HTTP Check tool in the ArcGIS Online Security Advisor, it picks up two problems with the web map.

GAMapDetection

 
In scanning the web map item, it detected that I have the URL of the GA web service in the Description. While that won’t break the map when HTTP is no longer supported, it still needs attention given the resource it refers to will change.

GAMapItem

The second pickup by the tool was the actual URL to the GA service in the JSON data describing the web map.

GAMapItemData

Equally, if you’ve created items in your portal that refer to resources coming from external sources  – say a web service from an external agency that you collaborate with, then you may come up against the same issue if they’re using HTTP.

When you interact with a web site that doesn’t use HTTPS to encrypt traffic these days, you get to know it. It’s no longer just a small broken padlock icon – mainstream browsers are now calling it out and telling you that the site is not secure. That’s a good thing, and Esri is just doing its part to ensure web security best practices are adhered to.

Read the original blog post here and use the ArcGIS Online Security Advisor tool to determine whether you need to take any action.

Important Security Updates to the ArcGIS Platform

January, 2019

Esri have recently announced upcoming improvements to ArcGIS Online in order to maintain the highest industry standards for data integrity and network security. Starting on 16 April 2019, ArcGIS Online will only accept TLS 1.2 connections for ArcGIS Online services. Some software, like ArcGIS Pro, are already TLS 1.2 enabled. Other Esri software, such as ArcGIS Desktop, uses TLS 1.0—this software requires a patch or configuration change to support TLS 1.2 connections. Esri is releasing patches and instructions to update existing software to support these connections.

What is TLS?
TLS or  “Transport Layer Security” is a widely deployed network security protocol. It provides privacy and data integrity between communicating applications over a network. You use TLS whenever accessing ArcGIS Online services, such as basemaps, geoprocessing services, and the Living Atlas, from ArcGIS Desktop, ArcGIS Enterprise, and other applications.

Continue reading

Creating 3D Story Maps using data from Esri CityEngine.

In the last couple of years Story Maps have become quite popular with ArcGIS Desktop / Online users. They provide a quick and efficient way to deliver important information or a message in a form of an easily-configurable web application that uses geographic data and can be enriched by adding various types of media content. There are thousands of story maps that you can access through ArcGIS online and it’s very easy to create your own.

One of my areas of expertise is 3D GIS and from time to time people ask me whether it’s possible to display 3D information in a Story Map. Well, the answer is yes. This functionality has been available for more than a year and I believe it’s time to write a blog about the workflow that will make your story maps 3D –enabled.

In this blog I will demonstrate how to use CityEngine 3D scenes to publish your 3D data to ArcGIS Online and create an interactive Story Map that uses 3D web scenes.

For the purpose of this demo, I used one of the CityEngine Examples provided by Esri Inc. on their CityEngine Gallery web page, available here:>>

Continue reading

Using Fiddler to Troubleshoot ArcConundrums

My work in our Technical Support team here at Esri Australia has exposed me to a variety of web traffic related incidents. You can find many useful resources to track and disseminate this web traffic online, but I have found one (free) program to be more useful and intuitive than the rest – Fiddler. Fiddler is a fantastic tool that provides information on any web interaction within your ArcGIS Enterprise system, web mapping and mobile applications. This can empower you with a better understanding of your problem, deployment or user workflows.This post will not explore the ins and outs of Fiddler, as this has been well documented by a large and involved community (including Esri), but I would like to introduce you to an easy and tangible way you can look ‘under the hood of web GIS.

Continue reading

A Brief Look at the Query and Search Widget for Web AppBuilder

While delivering Arc 2: Essential Workflows, I was enthusiastically describing the wonders and practical uses of the search widget in the Web App Builder for ArcGIS Online or Portal and the capability it has to search content within your feature layers. When asking my students, “which widget should I use?” Some referred to the functionality of the query widget which I had previously demonstrated, while others preferred the power of a search widget. Hopefully by the end of this post you will be well placed to make an informed decision as to whether you should use and configure a query or search widget for your web apps in ArcGIS Online or Portal.

Continue reading

Ozri 2015 GIS Generations

Introducing: ArcGIS Online – smart mapping

Smart mapping emerged with this year’s March release of ArcGIS Online, providing a smarter, more sophisticated approach to symbolising data. Replacing the formerly available ‘change symbols’ option, smart mapping is available to a variety of ArcGIS Online layer types (feature services, dynamic layers, stream services and CSV, SHP and GPX map added data, to name a few), and is accessed via a layer’s change style control () in the map viewer contents display.

The smart mapping toolset presents logical symbology options to the ArcGIS Online map maker. These options are derived based on a subject layer’s characteristics, the data type (point, line or polygon), as well as the spatial distribution of the layer’s features together with the variation of values across a subject display field.

Additionally, other evident display characteristics are assessed, such as symbology used by an underlying basemap. Consequently aesthetic, meaningful and size appropriate symbology options are proposed in this data driven, ‘smart’ approach to layer symbolisation.

Continue reading

Tips for Sharing Content in Seconds

Directions LIVE

Sharing Content in Seconds is the last session in our technical program for DirectionsLIVE, and this is definitely a case of last, but not least! This session will reinforce the concepts presented in the rest of the program, and give you some tips that you can start using immediately.

If you’re involved in any kind of major event or natural disaster – as an ArcGIS user – you know your information products are in high demand, and critical to decision making.  In this scenario, we’ll look at Rapid Damage Assessment following a Cyclone Event.

Continue reading