Story Map Security: Who can view or edit your app

Can I keep my App private?

Yes, the regular ArcGIS Online security model applies. By default your app is private, you can share it through online builder or ArcGIS Online. When you share your app, it is your responsibility to make sure that all the resources of your app(web maps, images, videos) are accessible to your audience.

Who can edit my App?

An app can only be edited by its owner (the named account that initially created the app). Organization Administrator (does not apply for public account) can take or give the app’s ownership to another user. In that case you won’t anymore be able to edit the app. Changing the ownership is the only way to collaborate on a app creation without sharing the owner’s credentials.

Can I use private web map or layer?


When the app is hosted in ArcGIS Online or Portal for ArcGIS, users that don’t have access to the app or a web map used in the app will be redirected to the ArcGIS Online sign-in page. It is not possible to display an authentication dialog in the app when the app is hosted in ArcGIS Online.

To use a premium layer in a public web map, follow this procedure.

When the app is hosted on your web server, an authentication dialog will appear inside the application.

Note that for that authentication to work on some older browser (Internet Explorer 9) you need to install a proxy server on your web server to make sure the login credentials can be passed securely to ArcGIS Online. For more information, see the Using the proxy in the ArcGIS API for JavaScript documentation.

Because of that limitation, we recommend that you configure the application to use OAuth. OAuth 2.0 based authentication is available for ArcGIS Online and Portal for ArcGIS users with developer or organizational accounts. Follow the procedure to add an application and register an application to get an OAuth application ID. Once you have that application, open index.html, locate the configOptions section and fill the oAuthAppId property.