IapConfiguration
The Identity-Aware Proxy (IAP) configuration information used by an IapCredential. Currently, only the Microsoft Entra Application Proxy is supported via the Microsoft Identity Platform.
Since
200.8.0
Properties
The type of user interaction required for authentication and consent while signing in to the Identity-Aware Proxy (IAP). The default value is IapAuthorizationPromptType.Unspecified, which defines the default user interaction behavior for the Identity-Aware Proxy (IAP). It optimizes the user experience by minimizing unnecessary credential prompts. The single sign-on (SSO) experience is determined by the authenticated Identity-Aware Proxy (IAP) session within the web session.
The Identity-Aware Proxy (IAP) authorize endpoint that facilitates user authentication. This URL is presented in the web session, allowing users to enter their credentials. Upon successful authentication, an authorization code is received, which can be used to generate tokens for secure access to protected resources.
A unique application-specific identifier associated with an application which is registered with the Identity-Aware Proxy (IAP) portal. This identifier is utilized by the Identity-Aware Proxy (IAP) to determine which application is attempting to authenticate. It is essential for accurately recognizing and processing authentication requests, ensuring that only the correct application is granted access to protected resources.
A private key used to verify that the application is authorized to access secured services. This key establishes trust between the application and the Identity-Aware Proxy (IAP), ensuring that only authenticated applications can request access to protected resources. It must be kept confidential to prevent unauthorized access. Notably, Microsoft Entra Application Proxy does not require a client secret for authorization and token generation.
The hosts of the ArcGIS resources that are to be accessed behind the Identity-Aware Proxy (IAP). Supports the use of wildcards (*) to facilitate flexible access control. For example,
A unique identifier associated with an application which is registered with the Identity-Aware Proxy (IAP) portal. This identifier is utilized by the Identity-Aware Proxy (IAP) to determine which application is attempting to authenticate. It is essential for accurately recognizing and processing authentication requests, ensuring that only the correct application is granted access to protected resources. Notably, Microsoft Entra Application Proxy does not require an IAP client ID for authorization and token generation.
The URL that the Identity-Aware Proxy (IAP) login and logout pages will redirect to when authentication completes. The scheme of this URL must be registered as a custom URL scheme in the application.
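The property descriptions above imply a few checks worth running on IAP settings before they ship. The following is an added example, not code from the SDK: the dictionary keys (`authorize_url`, `redirect_url`, `hosts_behind_proxy`, `client_secret`) are hypothetical names for the properties described, the sample values are constructed, and the rule limiting wildcards to a single leading label is an assumed policy rather than documented matching behavior.

```python
from urllib.parse import urlsplit

# Constructed sample settings; key names are hypothetical, not SDK property names.
WEAK = {
    "authorize_url": "http://login.example.com/authorize",
    "redirect_url": "https://app.example.com/callback",
    "hosts_behind_proxy": ["*", "gis.*.example.com"],
    "client_secret": "constructed-secret",
}
HARDENED = {
    "authorize_url": "https://login.example.com/authorize",
    "redirect_url": "my-app://auth",
    "hosts_behind_proxy": ["*.gis.example.com", "maps.example.com"],
}

def audit_iap_config(cfg, registered_schemes):
    """Return a list of findings for an IAP settings dictionary."""
    findings = []

    # Users type credentials into the authorize page, so require TLS.
    auth = urlsplit(cfg.get("authorize_url", ""))
    if auth.scheme != "https" or not auth.hostname:
        findings.append("authorize_url: must be an absolute https URL")

    # The redirect URL must use a custom scheme that the app has registered.
    scheme = urlsplit(cfg.get("redirect_url", "")).scheme
    if scheme in ("", "http", "https"):
        findings.append("redirect_url: expected a custom URL scheme")
    elif scheme not in registered_schemes:
        findings.append(f"redirect_url: scheme '{scheme}' is not registered")

    # Assumed policy: '*' only as the whole leftmost label, over a specific
    # domain of at least two labels (public suffixes are not consulted).
    for pattern in cfg.get("hosts_behind_proxy", []):
        labels = pattern.lower().split(".")
        head, rest = labels[0], labels[1:]
        if any("*" in l for l in rest) or ("*" in head and head != "*"):
            findings.append(f"hosts: '{pattern}' has a wildcard outside the leftmost label")
        elif head == "*" and len(labels) < 3:
            findings.append(f"hosts: '{pattern}' is too broad")

    # Entra Application Proxy needs no client secret; do not ship one.
    if cfg.get("client_secret"):
        findings.append("client_secret: present in settings; keep it out of shipped configuration")
    return findings

if __name__ == "__main__":
    for finding in audit_iap_config(WEAK, {"my-app"}):
        print(finding)
```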