/register: Register Federation

URL:: https://[root]/portals/[portalID]/idp/federation/register
Methods:: POST

Example usage

The following is a sample ArcGIS Online POST request for the register operation:

Use dark colors for code blocksCopy
POST /sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: org.arcgis.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.maps.arcgis.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson

The following is a sample ArcGIS Enterprise POST request for the register operation:

Use dark colors for code blocksCopy
POST /webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.domain.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson

Description

The register operation allows organization administrator to configure enterprise login using a SAML-based federation of identity providers. An organization can be set up using either a single IDP or a federation, not both.

Request parameters

Property	Details
`name`	The SAML federation name. Example Use dark colors for code blocksCopy `1 name=My SAML federation`
`discoveryServiceUrl`	SAML federation discovery service URL. Example Use dark colors for code blocksCopy `1 discoveryServiceUrl=https://discovery.example.com`
`metadataServiceUrl`	SAML federation aggregate metadata service URL. Example Use dark colors for code blocksCopy `1 metadataServiceUrl=https://metadata.example.com`
`certificate`	Base64-encoded certificate text used to validate metadata service, enclosed between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` .
`entityId`	Entity ID used to identify the organization in SAML federation. Example Use dark colors for code blocksCopy `1 entityId=org.maps.arcgis.com`
`userCreditAssignment`	Specific credit allocation for each joining member or to the default organization limit with `-1`. This is used when the organization has credit budgeting enabled.
`groups`	An array of groups members are added upon joining the organization, used when `signUpMode` is `Automatic`. Example Use dark colors for code blocksCopy `1 groups=6dc1a6f134b44ebb8d1f1b55f0ad8753`
`encryptionSupported`	If `true`, it indicates to SAML federation that encrypted SAML assertion responses are supported. The default value is `false`. Values: `true` \| `false`
`supportSignedRequest`	If `true`, your organization signs the SAML authentication request sent to the IDP federation. The default value is `false`. Values: `true` \| `false`
`supportsLogoutRequest`	If `true`, signing out of the organization prompts logout of the IDP. The default value is `false`. Values: `true` \| `false`
`updateProfileAtSignin`	If `true`, user account information (full name and email address) stored in either ArcGIS Online or ArcGIS Enterprise is automatically synced with the information received from the IDP. The default value is `false`. Values: `true` \| `false`
`updateGroupsAtSignin`	If `true`, enables SAML-based group membership that allows organization members to link specified SAML-based enterprise groups to your organization's groups during group creation. The default is `false`. Values: `true` \| `false`
`signUpMode`	Determines the enterprise members joining mode to the organization, automatically or through an invitation. Values: `Automatic` \| `Invitation`
`roleId`	The default role members are assigned, used when `signUpMode` is `Automatic`.
`userLicenseType`	Default user license type members are assigned, used when `signUpMode` is `Automatic`.
`userType`	Determines if new members will have Esri access (`both`) or if Esri access will be disabled (`arcgisonly`). The default value is `arcgisonly`. Note While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. this will have no impact on your ArcGIS Enterprise organization. Values: `arcgisonly` \| `both`
`f`	The response format. The default format is `html`. Values: `html` \| `json` \| `pjson`

Response properties

Property	Details
`success`	Indicates if the operation was successful.
`federationId`	The ID of the organization identity federation.

JSON Response example

The following demonstrates a returned success response:

Use dark colors for code blocksCopy
{
  "success": true,
  "federationId": "J55ajJJ7MsY1QoQs"
}

The following demonstrates a returned error message:

Use dark colors for code blocksCopy
{
  "error": {
    "code": 400,
    "message": "Unable to register Federation",
    "details": [
      "'discoveryServiceUrl' must be specified.",
      "'metadataServiceUrl' must be specified."
    ]
  }
}