ArcGIS REST API

IDP

Description

Lists the organization's identity federation information configured using a single identity provider, such as Active Directory Federation Services (ADFS) 2.0 and later, Okta, NetIQ Access Manager 3.2 and later, OpenAM 10.1.0 and later, or Shibboleth 3.2 and later.

Request Parameters

Parameter | Details
[Common Parameters]

For a complete listing, see common parameters.

Response Properties

Property | Details
id

The ArcGIS Online organization identity federation ID.

name

The identity provider name.

bindingUrl

The IDP's HTTP redirect binding URL that ArcGIS Online uses to allow a member to sign in.

postBindingUrl

The IDP's HTTP POST binding URL that ArcGIS Online uses to allow a member to sign in.

certificate

Base64-encoded certificate text used to validate the metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

logoutUrl

IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file).

entityId

Entity ID used to identify the ArcGIS Online organization in the identity provider.

signUpMode

How enterprise members join the organization: automatically or through an invitation.

Supported Values: Automatic | Invitation

encryptionSupported

If true, it indicates to the identity provider that encrypted SAML assertion responses are supported.

roleId

Default role assigned to members; used when signUpMode=Automatic.

supportSignedRequest

If true, the organization signs the SAML authentication request sent to the IDP.

useSHA256

If true, the organization signs the request using the SHA-256 hash function; used when supportSignedRequest=true.

supportLogoutRequest

If true, signing out of the organization propagates the logout to the IDP.

userLicenseType

Default user license type assigned to members; used when signUpMode=Automatic.

groups

An array of groups that members are added to upon joining the organization; used when signUpMode=Automatic.

Example: ["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]

userCreditAssignment

Used when the organization has credit budgeting enabled. Sets a specific credit allocation for each joining member, or -1 to use the default organization limit.

updateProfileAtSignin

If true, automatically syncs user account information (i.e. full name and email address) stored in ArcGIS Online with the information received from the IDP.

updateGroupsAtSignin

If true, enables SAML-based group membership, which allows organization members to link specified SAML-based enterprise groups to ArcGIS Online groups during group creation.

Example Usage

URL for IDP

https://www.arcgis.com/sharing/rest/portals/J423vH8fR9HV444l/idp/wmwHndkeZHZxOg45

JSON Response Syntax

{
  "id": "<organization identity federation ID>",
  "name": "<IDP name>",
  "bindingUrl": "<path to redirect login URL>",
  "bindingPostUrl": "<path to post login URL>",
  "logoutUrl": "<path to logout URL>",
  "signUpMode": "Automatic | Invitation",
  "certificate": "<certificate text>",
  "encryptionSupported": true | false,
  "entityId": "<entity id>",
  "roleId": "<role id>",
  "userLicenseType": "<user license type ID>",
  "supportSignedRequest": true | false,
  "useSHA256": true | false,
  "supportsLogoutRequest": true | false,
  "userCreditAssignment": -1,
  "groups": [
    "<group id 1>",
    "<group id 2>"
  ],
  "updateProfileAtSignin": true | false,
  "updateGroupsAtSignin": true | false
}

JSON Response Example

{
  "id": "wmwHndkeZHZxOg45",
  "name": "My IDP",
  "bindingUrl": "https://redirectlogin.example.com",
  "bindingPostUrl": "https://postlogin.example.com",
  "logoutUrl": "https://logouturl.example.com",
  "signUpMode": "Automatic",
  "certificate": "",
  "encryptionSupported": false,
  "entityId": "org.maps.arcgis.com",
  "roleId": "org_user",
  "userLicenseType": "editorUT",
  "supportSignedRequest": true,
  "useSHA256": true,
  "supportsLogoutRequest": true,
  "userCreditAssignment": -1,
  "groups": [
    "920f779b7746422180304d840e66fa17",
    "bcc550e72f5c4312906fd4ca27999a8c"
  ],
  "updateProfileAtSignin": true,
  "updateGroupsAtSignin": false
}
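
An added example, not part of the Esri documentation: a Python check that reads an IDP response like the one above and reports the federation settings worth reviewing. The rules (HTTPS-only URLs, a pinned certificate fingerprint, signed SHA-256 requests, encrypted assertions, flagging automatic sign-up) and the names audit_idp, cert_fingerprint and pinned_fp are assumptions of this example; both bindingPostUrl and postBindingUrl are accepted because the page uses both spellings.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

URL_KEYS = ("bindingUrl", "bindingPostUrl", "postBindingUrl", "logoutUrl")
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem_text):
    """SHA-256 hex digest of the DER bytes in the PEM envelope, or None if unusable."""
    m = PEM.search(pem_text or "")
    if not m:
        return None
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:  # binascii.Error subclasses ValueError
        return None
    return hashlib.sha256(der).hexdigest() if der else None

def audit_idp(cfg, pinned_fp=None):
    """Return (field, finding) tuples. The rules are this example's policy."""
    findings = []
    for key in URL_KEYS:
        if cfg.get(key) and urlparse(cfg[key]).scheme != "https":
            findings.append((key, "URL is not https"))
    fp = cert_fingerprint(cfg.get("certificate"))
    if fp is None:
        findings.append(("certificate", "missing or not valid PEM"))
    elif pinned_fp and fp != pinned_fp.lower():
        findings.append(("certificate", "fingerprint differs from pinned value"))
    if not cfg.get("supportSignedRequest"):
        findings.append(("supportSignedRequest", "authentication requests are unsigned"))
    elif not cfg.get("useSHA256"):
        findings.append(("useSHA256", "signed requests do not use SHA-256"))
    if not cfg.get("encryptionSupported"):
        findings.append(("encryptionSupported", "encrypted assertions not enabled"))
    if cfg.get("signUpMode") == "Automatic":  # new members get these defaults unreviewed
        findings.append(("signUpMode", "auto-join: role=%s groups=%d"
                         % (cfg.get("roleId"), len(cfg.get("groups") or []))))
    return findings

# Constructed input: fields taken from the JSON response example on this page.
SAMPLE = {
    "bindingUrl": "https://redirectlogin.example.com", "certificate": "",
    "bindingPostUrl": "https://postlogin.example.com",
    "logoutUrl": "https://logouturl.example.com", "signUpMode": "Automatic",
    "roleId": "org_user", "encryptionSupported": False,
    "supportSignedRequest": True, "useSHA256": True,
    "groups": ["920f779b7746422180304d840e66fa17", "bcc550e72f5c4312906fd4ca27999a8c"],
}
```

Recording the fingerprint when the federation is first configured and passing it as pinned_fp on later runs turns the certificate check into a change detector for the trust anchor.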