/[idpID]: IDP

URL:
https://[root]/portals/[portalID]/idp/[idpID]
Methods:
GET
Operations:
Federation, Register, Update, Unregister

Example usage

The following is a sample ArcGIS Online request URL used to access the idp resource:

https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp

Once an IDP has been registered, the ID will be appended to the URL when viewing the JSON or PJSON view of the idp resource:

https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson

The following is a sample ArcGIS Enterprise request URL used to access the idp resource with a registered IDP:

https://machine.domain.com/webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson

Description

The resource for an individual IDP lists organization identity federation information configured using a single identity provider such as Active Directory Federation Services (ADFS) 2.0 and later, Okta, NetIQ Access Manager 3.2 and later, OpenAM 10.1.0 and later, Shibboleth 3.2 and later, etc.

Request parameters

Parameter | Details

f

The response format. The default format is html.

Values: html | json | pjson

Response properties

Property | Details

id

The organization identity federation ID.

name

The identity provider name.

bindingUrl

The IDP's HTTP redirect binding URL that your organization uses to allow a member to sign in.

postBindingUrl

The IDP's HTTP POST binding URL that your organization uses to allow a member to sign in.

certificate

Base64-encoded certificate text used to validate the metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

logoutUrl

The IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file).

entityId

The entity ID used to identify the organization in the identity provider.

signUpMode

The joining mode to the organization for enterprise members, either automatically or through an invitation.

Values: Automatic | Invitation

encryptionSupported

If true, it indicates to the identity provider that encrypted SAML assertion responses are supported.

Values: true | false

roleId

The default role that members are assigned. This property is used when signUpMode is Automatic.

supportSignedRequest

If true, the organization signs the SAML authentication request sent to the IDP.

Values: true | false

useSHA256

If true, the organization signs the request using the SHA-256 hash function. Used when supportSignedRequest is true.

Values: true | false

supportLogoutRequest

If true, signing out of the organization propagates the logout to the IDP.

Values: true | false

groups

An array of groups that members are added to upon joining the organization. Used when signUpMode is Automatic.

Example

groups=["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]

userCreditAssignment

Used when the organization has credit budgeting enabled. Specifies the credit allocation for each joining member, or -1 to use the default organization limit.

updateProfileAtSignin

If true, user account information (i.e. full name and email address) stored in your organization is automatically synced with the information received from the IDP.

Values: true | false

updateGroupsAtSignin

If true, it enables SAML based group membership that allows organization members to link specified SAML-based enterprise groups during group creation.

Values: true | false

userType

Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly.

Values: arcgisonly | both

userLicenseType

The default user license type that members are assigned. Used when signUpMode is Automatic.

JSON Response syntax

{
  "id": "<organization identity federation ID>",
  "name": "<IDP name>",
  "bindingUrl": "<path to redirect login URL>",
  "bindingPostUrl": "<path to post login URL>",
  "logoutUrl": "<path to logout URL>",
  "signUpMode": "Automatic | Invitation",
  "certificate": "<certificate text>",
  "encryptionSupported": <true | false>,
  "entityId": "<entity id>",
  "roleId": "<role id>",
  "supportSignedRequest": <true | false>,
  "useSHA256": <true | false>,
  "supportsLogoutRequest": <true | false>,
  "userCreditAssignment": -1,
  "groups": [
    "<group id 1>",
    "<group id 2>"
  ],
  "updateProfileAtSignin": <true | false>,
  "updateGroupsAtSignin": <true | false>,
  "userType": <user type>,
  "userLicenseType": "<user license type ID>"
}

JSON Response example

{
  "id": "wmwHndkeZHZxOg45",
  "name": "My IDP",
  "bindingUrl": "https://redirectlogin.example.com",
  "bindingPostUrl": "https://postlogin.example.com",
  "logoutUrl": "https://logouturl.example.com",
  "signUpMode": "Automatic",
  "certificate": "",
  "encryptionSupported": false,
  "entityId": "org.maps.arcgis.com",
  "roleId": "org_user",
  "userLicenseType": "editorUT",
  "supportSignedRequest": true,
  "useSHA256": true,
  "supportsLogoutRequest": true,
  "userCreditAssignment": -1,
  "groups": [
    "920f779b7746422180304d840e66fa17",
    "bcc550e72f5c4312906fd4ca27999a8c"
  ],
  "updateProfileAtSignin": true,
  "updateGroupsAtSignin": false,
  "userType": null
}
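
Added example (not Esri's code and not part of the original page): a Python check that reads an idp JSON response and lists the federation settings an administrator would want to review. The review policy, the `audit_idp` function and its `allowed_roles` parameter are assumptions made for illustration; the key names follow the JSON response example above.

```python
import json
from urllib.parse import urlparse

# The page's JSON response example, trimmed to the fields audited here.
# Key names follow that example (bindingPostUrl), not the property table.
SAMPLE = json.loads("""{
  "id": "wmwHndkeZHZxOg45", "name": "My IDP",
  "bindingUrl": "https://redirectlogin.example.com",
  "bindingPostUrl": "https://postlogin.example.com",
  "logoutUrl": "https://logouturl.example.com",
  "signUpMode": "Automatic", "certificate": "",
  "encryptionSupported": false, "roleId": "org_user",
  "supportSignedRequest": true, "useSHA256": true,
  "groups": ["920f779b7746422180304d840e66fa17",
             "bcc550e72f5c4312906fd4ca27999a8c"]
}""")

def audit_idp(cfg, allowed_roles=frozenset({"org_user"})):
    """Return (property, finding) pairs for settings that deserve review.

    allowed_roles is an assumed local policy: the default roles acceptable
    for members who join automatically.
    """
    findings = []
    for key in ("bindingUrl", "bindingPostUrl", "logoutUrl"):
        url = cfg.get(key)
        if url and urlparse(url).scheme.lower() != "https":
            findings.append((key, f"not an https URL: {url}"))
    if "BEGIN CERTIFICATE" not in (cfg.get("certificate") or ""):
        findings.append(("certificate", "no PEM certificate in the response"))
    if not cfg.get("supportSignedRequest"):
        findings.append(("supportSignedRequest", "SAML requests are not signed"))
    elif not cfg.get("useSHA256"):
        findings.append(("useSHA256", "signed requests do not use SHA-256"))
    if not cfg.get("encryptionSupported"):
        findings.append(("encryptionSupported", "encrypted assertions not enabled"))
    if cfg.get("signUpMode") == "Automatic":
        if cfg.get("roleId") not in allowed_roles:
            findings.append(("roleId", f"auto-joined members get {cfg.get('roleId')}"))
        for group in cfg.get("groups") or []:
            findings.append(("groups", f"auto-joined members are added to {group}"))
    return findings

if __name__ == "__main__":
    for prop, finding in audit_idp(SAMPLE):
        print(f"{prop}: {finding}")
```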
