federation: Federation

URL:: https://[root]/portals/[portalID]/idp/federation
Methods:: GET
Operations:: Register, Update

Example usage

The following is a sample ArcGIS Online request URL used to access the federation resource:

Use dark colors for code blocksCopy
https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp/federation?f=pjson

The following is a sample ArcGIS Enterprise request URL used to access the federation resource:

Use dark colors for code blocksCopy
https://machine.domain.com/webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/federation?f=pjson

Description

List organization identity federation information configured using a federation of identity providers, such as SWITCHaai.

Request parameters

Parameter	Details
`f`	The response format. The default format is `html`. Values: `html` \| `json` \| `pjson`

Response properties

Property	Details
`id`	The organization identity federation ID.
`name`	The SAML federation name.
`discoveryServiceUrl`	SAML federation discovery service URL.
`metadataServiceUrl`	SAML federation aggregate metadata service URL.
`certificate`	Base64-encoded certificate text used to validate metadata service, enclosed between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` .
`entityId`	Entity ID used to identify the organization in SAML federation.
`signUpMode`	Enterprise members joining mode to the organization, automatically or through an invitation. Values: `Automatic` \| `Invitation`
`encryptionSupported`	If `true`, it indicates to SAML federation that encrypted SAML assertion responses are supported. Values: `true` \| `false`
`roleId`	The default role members are assigned, used when `signUpMode` is `Automatic`.
`supportSignedRequest`	If `true`, your organization signs the SAML authentication request sent to the IDP federation. Values: `true` \| `false`
`useSHA256`	If `true`, your organization signs requests using the SHA-256 hash function, applicable when `supportSignedRequest` is `true`. Values: `true` \| `false`
`supportsLogoutRequest`	If `true`, signing out of the organization also prompts logout of the IDP. Values: `true` \| `false`
`userLicenseType`	The default user license type members are assigned, used when `signUpMode` is `Automatic`.
`groups`	An array of groups members are added upon joining the organization, used when `signUpMode` is set as `Automatic`. Example Use dark colors for code blocksCopy `1 "groups": ["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]`
`updateProfileAtSignin`	If `true`, the user account information (full name and email address) stored in your organization is automatically synced with the information received from the IDP. Values: `true` \| `false`

JSON Response syntax

Use dark colors for code blocksCopy
{
  "id": "<organization identity federation ID>",
  "name": "<SAML federation name>",
  "discoveryServiceUrl": "<path to discovery service>",
  "metadataServiceUrl": "<path to metadata service>",
  "certificate": "<certificate text>",
  "entityId": "<entity id>",
  "signUpMode": "Automatic | Invitation"
  "encryptionSupported": true | false,
  "roleId": "<role id>",
  "supportSignedRequest": true | false,
  "useSHA256": true | false,
  "supportsLogoutRequest": true | false,
  "userLicenseType": "<user license type ID>",
  "groups": "["group id1", "group id2"]",
  "updateProfileAtSignin": true | false
}

JSON Response example

Use dark colors for code blocksCopy
{
  "id": "WXpNWCKvSxNJ8K7D",
  "name": "My SAML federation",
  "discoveryServiceUrl": "https://discovery.example.com",
  "metadataServiceUrl": "https://metadata.example.com",
  "certificate": "",
  "entityId": "org.maps.arcgis.com",
  "signUpMode": "Automatic",
  "encryptionSupported": false,
  "roleId": "org_user",
  "supportSignedRequest": false,
  "supportsLogoutRequest": false,
  "userLicenseType": "editorUT",
  "groups": "["6dc1a6f134b44ebb8d1f1b55f0ad8753"]",
  "updateProfileAtSignin": true
}