Skip To Content
ArcGIS Developers
Dashboard

/register: Register IDP

  • URL:https://[root]/portals/[portalID]/idp/register(POST only)

Example usage

Below is a sample ArcGIS Online multipart POST request for the register operation:

POST /sharing/rest/portals/0123456789ABCDEF/idp/register HTTP/1.1
Host: org.arcgis.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Length: []

------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="name"

SAML / ADFS
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="signUpMode"

Automatic
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="entityId"

org.domain.com.portal
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="roleId"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="level"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userLicenseType"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataUrl"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataFile"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="bindingUrl"

https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="postBindingUrl"

https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="logoutUrl"

https://domain.com.com/adfs/ls/
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="certificate"

MIIC7DCCAdSgAwIBAgIQFbBmTUp9fKJJB/elgcdwxzANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2gmwU3Iw8GkNBGiVF3bigUdBmfMsLYOZVZVSUs9Dhv4i5KTjGyDY5ToR7G/Y4ie5C847IXkoVO9Zaywyd7DFuZIrDm34zjs7UkaTXMRwE9C42ndpktARiX2gIvaM9ZC/By71NidtNL3nXEwW0MYufgKRnX39GgEfBdgbr1Hv1R3tjb4OvX4bHthWjN30IW9jcYLOIB9eR8Mwtd45xGLZlXi2rqFta+amGB2jh87nJQawJP5WnUa+AHz1wsK3Q3reiEEiPUtfv/9wvjcbYy9rhuiuR9kgcvP9wzMjWOsjQeYm0hjEmXHb/rB/VeNcr+aXNsqb0CnFNsJeI0cmPN3bLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGD+hPYcGxHnJqGZ2bgtwD2w7AkgKX76Ta/Muy3uuZkojOG9eT8VYShnjKsfotbOGYsWUXnFNDd8n0jDfHv6ieVc4UoCTqxwycxj5FLjCV3s+AoiCniPqcdRfgjMGxcL9kFJS8KKzyvcFS8Hz/2r6fl69hJdRAjViIunhA7yoRc9bGNvQ54blJ/ykHzoaG/o6fPdkG2pbFqCXLYm0JbFpXKao3Hk8l8xdBBFXgUU57LQKkdGNvIgerHoLmgwyd0p5LVT78iwl6Y4cGZDnGs9QR5osLn2WKdECyOpj6n0wBmy6uf4xCGcH9AJ+ZafvxqBb21YNHxRUAnncf8/tqrelHM=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="encryptionCertificate"

MIIC8jCCAdqgAwIBAgIQc/xsSmk91Y1Cfufo32bE1DANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIli4ws8yF3S6CBrtILXyc+YBVZrdkf8nA0Jp1N+8VDRvC7pB8pkOB2zlWZxb0w72QgwKNLOlSGqc2O06/VHXwrOdBqqGLh9rPG5nygMjoiXoZ82/gu+OZHH4e5LEY7BBZ6HME/jCXdu0Y4e6tjLuDXusxDOGeT4xYeFCV6VRlW6O153cR13FNaslndeEhweVvVuvdsOGB2yY3Uuv4x+RJesxCikSYg6g306Xin6vcbuMJ427bSCrGZZw3iaMQQcBwIkPQ3/c1hC7Z5CJ4I2rcIW91tgCMS5pQxHR2IRjC82Z1Snwj1KHo9opK8xy3MY1csc+ezwRTKE0uhroMa9GVAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAB2Rp5BymejVGQL4a2d2OkvK8tt0e1f8/vgcomCEMETPoDa0UWJ4JTVgsf0PAWa5Sf/t68TsDaTm4Xom8ZMLov7WUqEkA1zSZr2IaZ/ozIvNH94aYv4MY99MHK5eJoOqjau0Tc4Us2j0teoVAGmuCYL/H9i34tZ2ExLJzp1SO1/35tGFmEajPVfOb6o9RZX2aZtc/i+dffuf9mRWLm1ujmHITntgP7kJYhehTOCfGLbwuMmR4jZhLCzrXkAAqX+m3Odpiq9Q0/8cvuzyIdyiftNYYoMj8b1f8Q2snjQtxE9juoXs5k1xOgxke3X2SRrQgNQ7zFSLKP1TURJpG98WqF0=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userCreditAssignment"

-1
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="groups"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userType"

arcgisonly
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="f"

pjson
------WebKitFormBoundaryc6E2kBLlZBZPaIyb--

Below is a sample ArcGIS Enterprise multipart POST request for the register operation:

POST /webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/register HTTP/1.1
Host: machine.domain.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Length: []

------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="name"

SAML / ADFS
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="signUpMode"

Automatic
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="entityId"

org.domain.com.portal
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="roleId"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="level"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userLicenseType"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataUrl"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataFile"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="bindingUrl"

https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="postBindingUrl"

https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="logoutUrl"

https://domain.com.com/adfs/ls/
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="certificate"

MIIC7DCCAdSgAwIBAgIQFbBmTUp9fKJJB/elgcdwxzANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2gmwU3Iw8GkNBGiVF3bigUdBmfMsLYOZVZVSUs9Dhv4i5KTjGyDY5ToR7G/Y4ie5C847IXkoVO9Zaywyd7DFuZIrDm34zjs7UkaTXMRwE9C42ndpktARiX2gIvaM9ZC/By71NidtNL3nXEwW0MYufgKRnX39GgEfBdgbr1Hv1R3tjb4OvX4bHthWjN30IW9jcYLOIB9eR8Mwtd45xGLZlXi2rqFta+amGB2jh87nJQawJP5WnUa+AHz1wsK3Q3reiEEiPUtfv/9wvjcbYy9rhuiuR9kgcvP9wzMjWOsjQeYm0hjEmXHb/rB/VeNcr+aXNsqb0CnFNsJeI0cmPN3bLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGD+hPYcGxHnJqGZ2bgtwD2w7AkgKX76Ta/Muy3uuZkojOG9eT8VYShnjKsfotbOGYsWUXnFNDd8n0jDfHv6ieVc4UoCTqxwycxj5FLjCV3s+AoiCniPqcdRfgjMGxcL9kFJS8KKzyvcFS8Hz/2r6fl69hJdRAjViIunhA7yoRc9bGNvQ54blJ/ykHzoaG/o6fPdkG2pbFqCXLYm0JbFpXKao3Hk8l8xdBBFXgUU57LQKkdGNvIgerHoLmgwyd0p5LVT78iwl6Y4cGZDnGs9QR5osLn2WKdECyOpj6n0wBmy6uf4xCGcH9AJ+ZafvxqBb21YNHxRUAnncf8/tqrelHM=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="encryptionCertificate"

MIIC8jCCAdqgAwIBAgIQc/xsSmk91Y1Cfufo32bE1DANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIli4ws8yF3S6CBrtILXyc+YBVZrdkf8nA0Jp1N+8VDRvC7pB8pkOB2zlWZxb0w72QgwKNLOlSGqc2O06/VHXwrOdBqqGLh9rPG5nygMjoiXoZ82/gu+OZHH4e5LEY7BBZ6HME/jCXdu0Y4e6tjLuDXusxDOGeT4xYeFCV6VRlW6O153cR13FNaslndeEhweVvVuvdsOGB2yY3Uuv4x+RJesxCikSYg6g306Xin6vcbuMJ427bSCrGZZw3iaMQQcBwIkPQ3/c1hC7Z5CJ4I2rcIW91tgCMS5pQxHR2IRjC82Z1Snwj1KHo9opK8xy3MY1csc+ezwRTKE0uhroMa9GVAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAB2Rp5BymejVGQL4a2d2OkvK8tt0e1f8/vgcomCEMETPoDa0UWJ4JTVgsf0PAWa5Sf/t68TsDaTm4Xom8ZMLov7WUqEkA1zSZr2IaZ/ozIvNH94aYv4MY99MHK5eJoOqjau0Tc4Us2j0teoVAGmuCYL/H9i34tZ2ExLJzp1SO1/35tGFmEajPVfOb6o9RZX2aZtc/i+dffuf9mRWLm1ujmHITntgP7kJYhehTOCfGLbwuMmR4jZhLCzrXkAAqX+m3Odpiq9Q0/8cvuzyIdyiftNYYoMj8b1f8Q2snjQtxE9juoXs5k1xOgxke3X2SRrQgNQ7zFSLKP1TURJpG98WqF0=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userCreditAssignment"

-1
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="groups"


------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userType"

arcgisonly
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="f"

pjson
------WebKitFormBoundaryc6E2kBLlZBZPaIyb--

Description

The Register IDP operation (POST only) allows organization administrators to configure enterprise login using a single identity provider (IDP). Configuring enterprise login allows members of your organization to sign in to your organization using the same logins they use to access your enterprise information systems without creating additional logins. ArcGIS Online and ArcGIS Enterprise are compliant with SAML 2.0 and integrate with IDPs that support SAML 2 web single sign-on for securely exchanging authentication and authorization data between your organization and ArcGIS Online or ArcGIS Enterprise as a service provider (SP). An organization can be set up using either a single IDP or a federation, but not both.

Request parameters

ParameterDetails
name

The identity provider name.

idpMetadataFile

Metadata file that contains information about the IDP. One can also specify the settings using idpMetadataUrl or bindingUrl, postBindingUrl, and certificate parameters alternatively.

idpMetadataUrl

Metadata URL that returns information about the IDP.

bindingUrl

The HTTP redirect binding IDP's URL that your organization uses to allow a member to sign in.

postBindingUrl

The HTTP POST binding IDP's URL that your organization uses to allow a member to sign in.

certificate

Base64-encoded certificate text used to validate metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

logoutUrl

IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file).

entityId

Entity ID used to identify the organization in IDP.

signUpMode

Specifies whether enterprise members join the organization automatically or through an invitation.

Values: Automatic | Invitation

encryptionSupported

If true, it indicates to the identity provider that encrypted SAML assertion responses are supported. The default is false.

Values: true | false

roleId

the default role members are assigned. This is used when signUpMode is Automatic.

supportSignedRequest

If true, the organization signs the SAML authentication request sent to the IDP. The default is false.

Values: true | false

useSHA256

If true, the organization signs the request using the SHA-256 hash function. This is used when supportSignedRequest is true. The default is false.

Values: true | false

supportsLogoutRequest

If true, signing out of the organization propagates logout of the IDP. The default is false.

Values: true | false

level
Legacy:

This parameter has been deprecated as of ArcGIS Enterprise 10.7 and the December 2018 update of ArcGIS Online. Users should instead use the userLicenseType parameter below.

Default license level members are assigned. This is used when signUpMode is Automatic.

userLicenseType

Default user license type members are assigned. This is used when signUpMode is Automatic.

groups

An array of group members are added upon joining the organization. This is used when signUpMode is Automatic.

Example

["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]
userCreditAssignment

Specific credit allocation for each joining member or to the default organization limit with -1. This is used when the organization has credit budgeting enabled.

updateProfileAtSignin

If true, automatically syncs user account information (that is, full name and email address) stored in your organization with the information received from the IDP. The default is false.

Values: true | false

updateGroupsAtSignin

If true, enables SAML-based group membership that allows organization members to link specified SAML-based enterprise groups to your organization's groups during group creation. The default is false.

Values: true | false

userType

Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly.

Note:

While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. This will have no impact on your ArcGIS Enterprise organization.

Values: arcgisonly | both

f

The response format. The default format is html.

Values: html | json | pjson

Response properties

PropertyDetails
success

Indicates if the operation was successful.

idpId

The ID of the organization IDP registration.

JSON Response syntax

{
	 "success": true,
	 "idpId": "<idpId>"
}

JSON Response example

{
	 "success": true,
	 "idpId": "wmwHndkeZHZxOg45"
}