Skip To Content
ArcGIS Developers
Dashboard

/register: Register Federation

  • URL:https://[root]/portals/[portalID]/idp/federation/register(POST only)

Example usage

Below is a sample ArcGIS Online POST request for the register operation:

POST /sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: org.arcgis.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.maps.arcgis.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson

Below is a sample ArcGIS Enterprise POST request for the register operation:

POST /webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/federation/register HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

name=My SAML federation&discoveryServiceUrl=https://discovery.example.com&metadataServiceUrl=https://metadata.example.com&entityId=org.domain.com&certificate=...&userCreditAssignment=-1&groups=6dc1a6f134b44ebb8d1f1b55f0ad8753&signUpMode=Automatic&roleId=org_user&level=&userLicenseType=editorUT&userType=arcgisonly&f=pjson

Description

The register federation operation (POST only) allows organization administrator to configure enterprise login using a SAML-based federation of identity providers. An organization can be set up using either a single IDP or a federation, not both.

Request parameters

PropertyDetails
name

The SAML federation name.

Example

name=My SAML federation
discoveryServiceUrl

SAML federation discovery service URL.

Example

discoveryServiceUrl=https://discovery.example.com
metadataServiceUrl

SAML federation aggregate metadata service URL.

Example

metadataServiceUrl=https://metadata.example.com
certificate

Base64-encoded certificate text used to validate metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

entityId

Entity ID used to identify the organization in SAML federation.

Example

entityId=org.maps.arcgis.com
userCreditAssignment

Specific credit allocation for each joining member or to the default organization limit with -1. This is used when the organization has credit budgeting enabled.

groups

An array of groups members are added upon joining the organization, used when signUpMode is Automatic.

Example

groups=6dc1a6f134b44ebb8d1f1b55f0ad8753
encryptionSupported

If true, it indicates to SAML federation that encrypted SAML assertion responses are supported. The default value is false.

Values: true | false

supportSignedRequest

If true, your organization signs the SAML authentication request sent to the IDP federation. The default value is false.

Values: true | false

supportsLogoutRequest

If true, signing out of the organization prompts logout of the IDP. The default value is false.

Values: true | false

updateProfileAtSignin

If true, user account information (full name and email address) stored in either ArcGIS Online or ArcGIS Enterprise is automatically synced with the information received from the IDP. The default value is false.

Values: true | false

updateGroupsAtSignin

If true, enables SAML-based group membership that allows organization members to link specified SAML-based enterprise groups to your organization's groups during group creation. The default is false.

Values: true | false

signUpMode

Determines the enterprise members joining mode to the organization, automatically or through an invitation.

Values: Automatic | Invitation

roleId

The default role members are assigned, used when signUpMode is Automatic.

level
Note:

This parameter has been deprecated as of ArcGIS Enterprise 10.7 and the December 2018 release of ArcGIS Online. Users should instead use the userLicenseType parameter below.

The default license level members are assigned. This is used when singupMode is Automatic.

userLicenseType

Default user license type members are assigned, used when signUpMode is Automatic.

userType

Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly.

Note:

While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. this will have no impact on your ArcGIS Enterprise organization.

Values: arcgisonly | both

f

The response format. The default format is html.

Values: html | json | pjson

Response properties

PropertyDetails
success

Indicates if the operation was successful.

federationId

The ID of the organization identity federation.

JSON Response example

The following demonstrates a returned success response:

{
  "success": true,
  "federationId": "J55ajJJ7MsY1QoQs"
}

The following demonstrates a returned error message:

{
  "error": {
    "code": 400,
    "message": "Unable to register Federation",
    "details": [
      "'discoveryServiceUrl' must be specified.",
      "'metadataServiceUrl' must be specified."
    ]
  }
}