ArcFM Mobile – Configuration Guide

Security Considerations

ArcFM Mobile supports only Portal for ArcGIS-based authentication. For instructions on configuring Portal-based authentication, refer to Configure Authentication.

ArcGIS Server:

  • All ArcGIS Servers must be protected against cross-site scripting attacks by configuring the origins allowed to be accessed alongside content from ArcGIS Server.

    IMPORTANT: It is crucial that you follow the instructions to Restrict cross-domain requests to ArcGIS Server.

  • ArcGIS Server is usually hosted within another HTTP stack (IIS, Apache). Follow the vendor's best practices for hardening the server against attack.

  • If you install ArcGIS Web Adaptor to allow ArcGIS Server to integrate with your existing web server, you must enable HTTPS on your web server, which means you need to obtain a server certificate and bind it to the website that hosts ArcGIS Web Adaptor.

Portal for ArcGIS:

  1. Your Portal-based authentication can use Portal built-in users or Active Directory-based users.

  2. Whether you use built-in users or AD-based users, you need to let traffic come from Auth0 (a hosted service that enables single sign-on) through the firewall to your Portal instance.

  3. Decide which groups, whether built-in or AD-based, map to which roles as specified in User Roles. We make assignments via group information from the identity provider so that group membership can be managed in a central location.

IMPORTANT: For ArcFM Mobile users to have access to a feature service through Portal for ArcGIS, the feature service must either be shared with everyone or with groups where the users are members.

Mobile devices

ArcFM Mobile provides users with offline access to an important asset of the organization: its GIS data. As such, it is important to secure that data against theft.

Recommendations specifically for securing mobile devices:

  1. Enable full disk encryption on devices that host ArcFM Mobile.

  2. Configure screen lock timeout for a maximum of five minutes.

  3. iOS and Android:

    • Be aware that ArcFM Mobile is not supported on jail broken iOS devices or rooted Android devices.

    • At the minimum, use a six-digit PIN.

    • Use mobile device management software that can remotely control which applications can run on, change the PIN on, or disable/wipe the device.

  4. Windows specific:

    • Do not grant local administrator privileges to end users.

    • Do not grant end-user account permissions to install applications.

    • Use application whitelisting to permit only approved applications or executables to run.

    • Use real-time endpoint protection to detect unauthorized changes to installed components.

Secure Disposal Guidelines

Secure disposal refers to systematically retiring outdated legacy software and hardware without compromising business needs or compliance requirements. Disposal is defined as the act of discarding media with no other sanitization considerations. Examples of Disposal include deleting electronic documents using standard file deletion methods, discarding paper in a recycling container, and discarding electronic storage media in a standard trash receptacle.

iOS and Android Devices

For secure disposal on iOS or Android, follow the device’s standard way of removing an app.

Windows Devices

If the Windows app is configured to use shared data, you need to  remove the shared data if you are no longer going to use that device for ArcFM Mobile.

In the event that you remove shared data when one user uninstalls the app yet other users are still using the app on that device, the shared data is removed for all users and they'll have to download the shared data again.

QR Code is a registered trademark of DENSO WAVE INCORPORATED in Japan and other countries.

Was this helpful?

Contact Information
Legal Information
Privacy Policy
Change your cookie settings