/[idpID]: IDP

URL:: https://[root]/portals/[portalID]/idp/[idpID]
Methods:: GET
Operations:: Federation, Register, Update, Unregister

Example usage

The following is a sample ArcGIS Online request URL used to access the idp resource:

Use dark colors for code blocksCopy
https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp

Once an IDP has been registered, the ID will be appended to the URL when viewing the JSON or PJSON view of the idp resource:

Use dark colors for code blocksCopy
https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson

The following is a sample ArcGIS Enterprise request URL used to access the idp resource with a reigstered IDP:

Use dark colors for code blocksCopy
https://machine.domain.com/webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson

Description

The resource for an individual IDP lists organization identity federation information configured using a single identity provider such as Active Directory Federation Services (ADFS) 2.0 and later, Okta, NetIQ Access Manager 3.2 and later, OpenAM 10.1.0 and later, Shibboleth 3.2 and later, etc.

Request parameters

Parameter	Details
`f`	The response format. The default format is `html`. Values: `html` \| `json` \| `pjson`

Response properties

Property	Details
`id`	The organization identity federation ID.
`name`	The identity provider name.
`bindingUrl`	The HTTP redirect binding IDP's URL that your organization uses to allow a member to sign in.
`postBindingUrl`	The HTTP POST binding IDP's URL that your organization uses to allow a member to sign in.
`certificate`	A base64-encoded certificate text used to validate metadata service, enclosed between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` .
`logoutUrl`	The IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file).
`entityId`	The entity ID used to identify the organization in the identity provider.
`signUpMode`	The joining mode to the organization for enterprise members, either automatically or through an invitation. Values: `Automatic` \| `Invitation`
`encryptionSupported`	If `true`, it indicates to the identity provider that encrypted SAML assertion responses are supported. Values: `true` \| `false`
`roleId`	The default role members are assigned. This property is used when `signUpMode` is `Automatic`.
`supportSignedRequest`	If `true`, the organization signs the SAML authentication request sent to the IDP. Values: `true` \| `false`
`useSHA256`	If `true`, the organization signs request using SHA-256 hash function, used when `supportSignedRequest` is `true`. Values: `true` \| `false`
`supportLogoutRequest`	If `true`, signing out of the organization propagates logout of the IDP. Values: `true` \| `false`
`groups`	An array of groups members are added upon joining the organization, used when `signUpMode=Automatic`. Example Use dark colors for code blocksCopy `1 groups=["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]`
`userCreditAssignment`	Used when organization has credit budgeting enabled, specific credit allocation for each joining member or to the default organization limit with `-1`.
`updateProfileAtSignin`	If `true`, user account information (i.e. full name and email address) stored in your organization is automatically synced with the information received from the IDP. Values: `true` \| `false`
`updateGroupsAtSignin`	If `true`, it enables SAML based group membership that allows organization members to link specified SAML-based enterprise groups during group creation. Values: `true` \| `false`
`userType`	Determines if new members will have Esri access (`both`) or if Esri access will be disabled (`arcgisonly`). The default value is `arcgisonly`. Note While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. This will have no impact on your ArcGIS Enterprise organization. Values: `arcgisonly` \| `both`
`userLicenseType`	The default user license type members are assigned, used when `signUpMode` is `Automatic`.

JSON Response syntax

Use dark colors for code blocksCopy
{
  "id": "<organization identity federation ID>",
  "name": "<IDP name>",
  "bindingUrl": "<path to redirect login URL>",
  "bindingPostUrl": "<path to post login URL>",
  "logoutUrl": "<path to logout URL>",
  "signUpMode": "Automatic | Invitation",
  "certificate": "<certificate text>",
  "encryptionSupported": <true | false>,
  "entityId": "<entity id>",
  "roleId": "<role id>",
  "supportSignedRequest": <true | false>,
  "useSHA256": <true | false>,
  "supportsLogoutRequest": <true | false>,
  "userCreditAssignment": -1,
  "groups": [
    "<group id 1>",
    "<group id 2>"
  ],
  "updateProfileAtSignin": <true | false>,
  "updateGroupsAtSignin": <true | false>,
  "userType": <user type>,
  "userLicenseType": "<user license type ID>"
}

JSON Response example

Use dark colors for code blocksCopy
{
  "id": "wmwHndkeZHZxOg45",
  "name": "My IDP",
  "bindingUrl": "https://redirectlogin.example.com",
  "bindingPostUrl": "https://postlogin.example.com",
  "logoutUrl": "https://logouturl.example.com",
  "signUpMode": "Automatic",
  "certificate": "",
  "encryptionSupported": false,
  "entityId": "org.maps.arcgis.com",
  "roleId": "org_user",
  "userLicenseType": "editorUT",
  "supportSignedRequest": true,
  "useSHA256": true,
  "supportsLogoutRequest": true,
  "userCreditAssignment": -1,
  "groups": [
    "920f779b7746422180304d840e66fa17",
    "bcc550e72f5c4312906fd4ca27999a8c"
  ],
  "updateProfileAtSignin": true,
  "updateGroupsAtSignin": false,
  "userType": null,
  "userLicenseType": null
}