New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Esri EAEP2201 Exam - Topic 2 Question 3 Discussion

Actual exam question for Esri's EAEP2201 exam
Question #: 3
Topic #: 2
[All EAEP2201 Questions]

A portal administrator is trying to enable web-tier authentication (IWA) for the ArcGIS Enterprise portal using Active Directory and IIS.

Steps taken:

Configured portal with Microsoft version of ArcGIS Web Adaptor

Set identity store to Active Directory

Added AD users to the portal

Disabled anonymous access in Portal

Users are not prompted to sign in and are not automatically logged in.

What should the administrator do next?

Show Suggested Answer Hide Answer
Suggested Answer: A

When using IWA through the Web Adaptor (IIS), the IIS server itself must be configured to deny anonymous access and allow Windows Authentication. Simply disabling anonymous access within the Portal settings is not enough.

From Esri's web-tier authentication guide:

''For IWA to function as expected, anonymous access must be disabled in IIS for the ArcGIS Web Adaptor, and Windows Authentication must be enabled. If IIS still allows anonymous access, users will bypass authentication prompts.''

Option B is irrelevant here---user types don't affect login behavior.

Option C is a content sync feature, not related to authentication.

Option D (Enable Windows Authentication) is correct only if it hasn't already been done, but the missing step is disabling anonymous access in IIS.


ArcGIS Enterprise -- Configuring Web-Tier Authentication with IIS

by Shawnna at Oct 06, 2025, 05:49 AM

Limited Time Offer

25%

Off

Get Premium EAEP2201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Reed
10 days ago
I feel like refreshing user membership (C) could also be a step.
upvoted 0 times
...
Kenny
15 days ago
A is good, but D is crucial for IWA to work properly.
upvoted 0 times
...
Hui
20 days ago
But what about option A? Disabling anonymous access could help too.
upvoted 0 times
...
Wei
25 days ago
I think option D is the best choice. Windows Authentication needs to be enabled in IIS.
upvoted 0 times
...
Johnna
1 month ago
Refreshing user membership might not hurt, but I doubt it’ll solve the login problem.
upvoted 0 times
...
Darrin
1 month ago
Disabling anonymous access on IIS could help too, but not sure if it's the main issue.
upvoted 0 times
...
Lenna
1 month ago
Wait, are they sure they configured everything correctly?
upvoted 0 times
...
Kate
2 months ago
I think assigning a default user type might not be necessary right now since the main issue seems to be with authentication.
upvoted 0 times
...
Leota
2 months ago
I feel like I saw a practice question where disabling anonymous access on the IIS server was crucial. Maybe that's relevant here too?
upvoted 0 times
...
Latosha
2 months ago
I'm not entirely sure, but I think refreshing user membership could help if there are issues with AD syncing.
upvoted 0 times
...
Pearly
2 months ago
I remember something about needing to enable Windows Authentication in IIS for IWA to work properly. That might be the next step.
upvoted 0 times
...
Arlie
2 months ago
C) Refresh user membership in the Portal Administrator Directory. Simple solution, but sometimes the obvious ones are the best.
upvoted 0 times
...
Cheryll
2 months ago
Definitely agree, that seems like the missing piece here.
upvoted 0 times
...
Ammie
3 months ago
I think enabling Windows Authentication in IIS is the way to go.
upvoted 0 times
...
Belen
3 months ago
Agreed, D makes sense. Without it, users can't log in automatically.
upvoted 0 times
...
Staci
3 months ago
I bet the admin is scratching their head, wondering "Why won't these users just log in automatically?" Gotta love IT problems.
upvoted 0 times
...
Santos
4 months ago
D) Enable Windows Authentication in IIS. Duh, how could they forget that crucial step? Rookie mistake.
upvoted 0 times
...
Yan
4 months ago
Hmm, I'd go with B) Assign a default user type to all portal members. Seems like the user permissions might be the problem here.
upvoted 0 times
...
Minna
4 months ago
D) Enable Windows Authentication in IIS. That's the key step to get the IWA integration working properly.
upvoted 0 times
...
Casie
4 months ago
C) Refresh user membership in the Portal Administrator Directory. This should update the user information and resolve the issue.
upvoted 0 times
...
Lashawnda
4 months ago
I feel pretty confident about this one. The issue is likely with the IIS configuration, so I'd go with option D and enable Windows Authentication in IIS. That should get the users prompted to sign in properly.
upvoted 0 times
...
Jaleesa
5 months ago
Alright, I've got a strategy for this. First, I'd double-check the IIS settings to ensure Windows Authentication is enabled. Then I'd try refreshing the user membership in the Portal Administrator Directory, just to be safe.
upvoted 0 times
...
Darnell
5 months ago
Hmm, okay, let me think this through. I think the key here is to make sure Windows Authentication is properly configured in IIS. That's probably the missing piece.
upvoted 0 times
...
Graciela
5 months ago
This seems like a tricky one. I'm not sure if I fully understand the steps involved in setting up web-tier authentication with Active Directory and IIS.
upvoted 0 times
Gregoria
3 months ago
I agree, but what about disabling anonymous access on the IIS server?
upvoted 0 times
...
Bette
3 months ago
This is definitely tricky! I think enabling Windows Authentication in IIS could help.
upvoted 0 times
...
...

Save Cancel