/register: Register Federation

URL: https://[root]/portals/[portalID]/idp/federation/register
Methods: POST

Example usage

The following is a sample ArcGIS Online POST request for the register operation:

POST /sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: org.arcgis.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.maps.arcgis.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson

The following is a sample ArcGIS Enterprise POST request for the register operation:

POST /webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.domain.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson

Description

The register operation allows an organization administrator to configure enterprise logins using a SAML-based federation of identity providers. An organization can be set up using either a single IDP or a federation, not both.

Request parameters

Property | Details

name

The SAML federation name.

Example

name=My SAML federation

discoveryServiceUrl

SAML federation discovery service URL.

Example

discoveryServiceUrl=https://discovery.example.com

metadataServiceUrl

SAML federation aggregate metadata service URL.

Example

metadataServiceUrl=https://metadata.example.com

certificate

Base64-encoded certificate text used to validate the metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

entityId

Entity ID used to identify the organization in the SAML federation.

Example

entityId=org.maps.arcgis.com

userCreditAssignment

The specific credit allocation for each joining member, or -1 to apply the default organization limit. This is used when the organization has credit budgeting enabled.

groups

An array of groups that members are added to upon joining the organization; used when signUpMode is Automatic.

Example

groups=6dc1a6f134b44ebb8d1f1b55f0ad8753

encryptionSupported

If true, indicates to the SAML federation that encrypted SAML assertion responses are supported. The default value is false.

Values: true | false

supportSignedRequest

If true, your organization signs the SAML authentication request sent to the IDP federation. The default value is false.

Values: true | false

supportsLogoutRequest

If true, signing out of the organization prompts logout of the IDP. The default value is false.

Values: true | false

updateProfileAtSignin

If true, user account information (full name and email address) stored in either ArcGIS Online or ArcGIS Enterprise is automatically synced with the information received from the IDP. The default value is false.

Values: true | false

updateGroupsAtSignin

If true, enables SAML-based group membership that allows organization members to link specified SAML-based enterprise groups to your organization's groups during group creation. The default is false.

Values: true | false

signUpMode

Determines how enterprise members join the organization: automatically or through an invitation.

Values: Automatic | Invitation

roleId

The default role that members are assigned; used when signUpMode is Automatic.

userLicenseType

The default user license type that members are assigned; used when signUpMode is Automatic.

userType

Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly.

Values: arcgisonly | both

f

The response format. The default format is html.

Values: html | json | pjson

Response properties

Property | Details

success

Indicates if the operation was successful.

federationId

The ID of the organization identity federation.

JSON Response example

The following demonstrates a returned success response:

{
  "success": true,
  "federationId": "J55ajJJ7MsY1QoQs"
}

The following demonstrates a returned error message:

{
  "error": {
    "code": 400,
    "message": "Unable to register Federation",
    "details": [
      "'discoveryServiceUrl' must be specified.",
      "'metadataServiceUrl' must be specified."
    ]
  }
}
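
An added example, not part of the Esri documentation: a pre-submission check in Python for the request parameters above, followed by form-encoding of the body (the sample requests above show the name value with literal spaces). The function names, the constructed SAMPLE input and the reviewer notes (non-https URLs, unsigned requests, automatic sign-up) are assumptions of this example; the required parameters and allowed values are taken from this page.

```python
from urllib.parse import urlencode, urlparse

# Required per the error sample on this page; allowed values as the page lists them.
REQUIRED = ("discoveryServiceUrl", "metadataServiceUrl")
ENUMS = {"signUpMode": {"Automatic", "Invitation"}, "userType": {"arcgisonly", "both"},
         "f": {"html", "json", "pjson"}}
BOOLS = ("encryptionSupported", "supportSignedRequest", "supportsLogoutRequest",
         "updateProfileAtSignin", "updateGroupsAtSignin")
PEM = ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----")

# Constructed sample input (not real values); the certificate body is a placeholder.
SAMPLE = {"name": "My SAML federation",
          "discoveryServiceUrl": "https://discovery.example.com",
          "metadataServiceUrl": "http://metadata.example.com",
          "certificate": PEM[0] + "\nPLACEHOLDER\n" + PEM[1],
          "signUpMode": "Automatic", "roleId": "org_user", "f": "pjson"}

def review_register_params(params):
    """Return (errors, notes): errors contradict the page; notes are this example's review policy."""
    errors, notes = [], []
    for key in REQUIRED:
        url = params.get(key, "")
        if not url:
            errors.append(f"'{key}' must be specified.")
        elif urlparse(url).scheme != "https":
            notes.append(f"{key} is not an https URL")
    cert = params.get("certificate", "").strip()
    if cert and not (cert.startswith(PEM[0]) and cert.endswith(PEM[1])):
        errors.append("'certificate' lacks the BEGIN/END CERTIFICATE lines.")
    for key, allowed in ENUMS.items():
        if key in params and params[key] not in allowed:
            errors.append(f"'{key}' must be one of {sorted(allowed)}.")
    for key in BOOLS:
        if params.get(key, "false") not in ("true", "false"):
            errors.append(f"'{key}' must be true or false.")
    if params.get("supportSignedRequest", "false") != "true":
        notes.append("authentication requests to the federation are unsigned")
    if params.get("encryptionSupported", "false") != "true":
        notes.append("encrypted assertion responses are not advertised")
    if params.get("signUpMode") == "Automatic":
        notes.append(f"members join automatically as {params.get('roleId')!r}")
    return errors, notes

def encode_register_body(params):
    """Form-encode the body, refusing a parameter set that has errors."""
    errors, _ = review_register_params(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode(params)
```
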
