- URL:https://[root]/portals/[portalID]/idp/register(POST only)
Example usage
Below is a sample ArcGIS Online multipart POST request for the register operation:
POST /sharing/rest/portals/0123456789ABCDEF/idp/register HTTP/1.1
Host: org.arcgis.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Length: []
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="name"
SAML / ADFS
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="signUpMode"
Automatic
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="entityId"
org.domain.com.portal
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="roleId"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="level"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userLicenseType"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataUrl"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataFile"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="bindingUrl"
https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="postBindingUrl"
https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="logoutUrl"
https://domain.com.com/adfs/ls/
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="certificate"
MIIC7DCCAdSgAwIBAgIQFbBmTUp9fKJJB/elgcdwxzANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2gmwU3Iw8GkNBGiVF3bigUdBmfMsLYOZVZVSUs9Dhv4i5KTjGyDY5ToR7G/Y4ie5C847IXkoVO9Zaywyd7DFuZIrDm34zjs7UkaTXMRwE9C42ndpktARiX2gIvaM9ZC/By71NidtNL3nXEwW0MYufgKRnX39GgEfBdgbr1Hv1R3tjb4OvX4bHthWjN30IW9jcYLOIB9eR8Mwtd45xGLZlXi2rqFta+amGB2jh87nJQawJP5WnUa+AHz1wsK3Q3reiEEiPUtfv/9wvjcbYy9rhuiuR9kgcvP9wzMjWOsjQeYm0hjEmXHb/rB/VeNcr+aXNsqb0CnFNsJeI0cmPN3bLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGD+hPYcGxHnJqGZ2bgtwD2w7AkgKX76Ta/Muy3uuZkojOG9eT8VYShnjKsfotbOGYsWUXnFNDd8n0jDfHv6ieVc4UoCTqxwycxj5FLjCV3s+AoiCniPqcdRfgjMGxcL9kFJS8KKzyvcFS8Hz/2r6fl69hJdRAjViIunhA7yoRc9bGNvQ54blJ/ykHzoaG/o6fPdkG2pbFqCXLYm0JbFpXKao3Hk8l8xdBBFXgUU57LQKkdGNvIgerHoLmgwyd0p5LVT78iwl6Y4cGZDnGs9QR5osLn2WKdECyOpj6n0wBmy6uf4xCGcH9AJ+ZafvxqBb21YNHxRUAnncf8/tqrelHM=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="encryptionCertificate"
MIIC8jCCAdqgAwIBAgIQc/xsSmk91Y1Cfufo32bE1DANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIli4ws8yF3S6CBrtILXyc+YBVZrdkf8nA0Jp1N+8VDRvC7pB8pkOB2zlWZxb0w72QgwKNLOlSGqc2O06/VHXwrOdBqqGLh9rPG5nygMjoiXoZ82/gu+OZHH4e5LEY7BBZ6HME/jCXdu0Y4e6tjLuDXusxDOGeT4xYeFCV6VRlW6O153cR13FNaslndeEhweVvVuvdsOGB2yY3Uuv4x+RJesxCikSYg6g306Xin6vcbuMJ427bSCrGZZw3iaMQQcBwIkPQ3/c1hC7Z5CJ4I2rcIW91tgCMS5pQxHR2IRjC82Z1Snwj1KHo9opK8xy3MY1csc+ezwRTKE0uhroMa9GVAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAB2Rp5BymejVGQL4a2d2OkvK8tt0e1f8/vgcomCEMETPoDa0UWJ4JTVgsf0PAWa5Sf/t68TsDaTm4Xom8ZMLov7WUqEkA1zSZr2IaZ/ozIvNH94aYv4MY99MHK5eJoOqjau0Tc4Us2j0teoVAGmuCYL/H9i34tZ2ExLJzp1SO1/35tGFmEajPVfOb6o9RZX2aZtc/i+dffuf9mRWLm1ujmHITntgP7kJYhehTOCfGLbwuMmR4jZhLCzrXkAAqX+m3Odpiq9Q0/8cvuzyIdyiftNYYoMj8b1f8Q2snjQtxE9juoXs5k1xOgxke3X2SRrQgNQ7zFSLKP1TURJpG98WqF0=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userCreditAssignment"
-1
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="groups"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userType"
arcgisonly
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="f"
pjson
------WebKitFormBoundaryc6E2kBLlZBZPaIyb--Below is a sample ArcGIS Enterprise multipart POST request for the register operation:
POST /webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/register HTTP/1.1
Host: machine.domain.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Length: []
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="name"
SAML / ADFS
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="signUpMode"
Automatic
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="entityId"
org.domain.com.portal
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="roleId"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="level"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userLicenseType"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataUrl"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="idpMetadataFile"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="bindingUrl"
https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="postBindingUrl"
https://domain.com.com/adfs/ls/idpinitiatedsignon.aspx
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="logoutUrl"
https://domain.com.com/adfs/ls/
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="certificate"
MIIC7DCCAdSgAwIBAgIQFbBmTUp9fKJJB/elgcdwxzANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2gmwU3Iw8GkNBGiVF3bigUdBmfMsLYOZVZVSUs9Dhv4i5KTjGyDY5ToR7G/Y4ie5C847IXkoVO9Zaywyd7DFuZIrDm34zjs7UkaTXMRwE9C42ndpktARiX2gIvaM9ZC/By71NidtNL3nXEwW0MYufgKRnX39GgEfBdgbr1Hv1R3tjb4OvX4bHthWjN30IW9jcYLOIB9eR8Mwtd45xGLZlXi2rqFta+amGB2jh87nJQawJP5WnUa+AHz1wsK3Q3reiEEiPUtfv/9wvjcbYy9rhuiuR9kgcvP9wzMjWOsjQeYm0hjEmXHb/rB/VeNcr+aXNsqb0CnFNsJeI0cmPN3bLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGD+hPYcGxHnJqGZ2bgtwD2w7AkgKX76Ta/Muy3uuZkojOG9eT8VYShnjKsfotbOGYsWUXnFNDd8n0jDfHv6ieVc4UoCTqxwycxj5FLjCV3s+AoiCniPqcdRfgjMGxcL9kFJS8KKzyvcFS8Hz/2r6fl69hJdRAjViIunhA7yoRc9bGNvQ54blJ/ykHzoaG/o6fPdkG2pbFqCXLYm0JbFpXKao3Hk8l8xdBBFXgUU57LQKkdGNvIgerHoLmgwyd0p5LVT78iwl6Y4cGZDnGs9QR5osLn2WKdECyOpj6n0wBmy6uf4xCGcH9AJ+ZafvxqBb21YNHxRUAnncf8/tqrelHM=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="encryptionCertificate"
MIIC8jCCAdqgAwIBAgIQc/xsSmk91Y1Cfufo32bE1DANBgkqhkiG9w0BAQsFADA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wHhcNMjAwMzMwMjAyMTA0WhcNMjEwMzMwMjAyMTA0WjA1MTMwMQYDVQQDEypBREZTIEVuY3J5cHRpb24gLSBycHVid2lubG0wMS5hZ3MuZXNyaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIli4ws8yF3S6CBrtILXyc+YBVZrdkf8nA0Jp1N+8VDRvC7pB8pkOB2zlWZxb0w72QgwKNLOlSGqc2O06/VHXwrOdBqqGLh9rPG5nygMjoiXoZ82/gu+OZHH4e5LEY7BBZ6HME/jCXdu0Y4e6tjLuDXusxDOGeT4xYeFCV6VRlW6O153cR13FNaslndeEhweVvVuvdsOGB2yY3Uuv4x+RJesxCikSYg6g306Xin6vcbuMJ427bSCrGZZw3iaMQQcBwIkPQ3/c1hC7Z5CJ4I2rcIW91tgCMS5pQxHR2IRjC82Z1Snwj1KHo9opK8xy3MY1csc+ezwRTKE0uhroMa9GVAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAB2Rp5BymejVGQL4a2d2OkvK8tt0e1f8/vgcomCEMETPoDa0UWJ4JTVgsf0PAWa5Sf/t68TsDaTm4Xom8ZMLov7WUqEkA1zSZr2IaZ/ozIvNH94aYv4MY99MHK5eJoOqjau0Tc4Us2j0teoVAGmuCYL/H9i34tZ2ExLJzp1SO1/35tGFmEajPVfOb6o9RZX2aZtc/i+dffuf9mRWLm1ujmHITntgP7kJYhehTOCfGLbwuMmR4jZhLCzrXkAAqX+m3Odpiq9Q0/8cvuzyIdyiftNYYoMj8b1f8Q2snjQtxE9juoXs5k1xOgxke3X2SRrQgNQ7zFSLKP1TURJpG98WqF0=
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userCreditAssignment"
-1
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="groups"
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="userType"
arcgisonly
------WebKitFormBoundaryc6E2kBLlZBZPaIyb
Content-Disposition: form-data; name="f"
pjson
------WebKitFormBoundaryc6E2kBLlZBZPaIyb--Description
The Register IDP operation (POST only) allows organization administrators to configure enterprise login using a single identity provider (IDP). Configuring enterprise login allows members of your organization to sign in to your organization using the same logins they use to access your enterprise information systems without creating additional logins. ArcGIS Online and ArcGIS Enterprise are compliant with SAML 2.0 and integrate with IDPs that support SAML 2 web single sign-on for securely exchanging authentication and authorization data between your organization and ArcGIS Online or ArcGIS Enterprise as a service provider (SP). An organization can be set up using either a single IDP or a federation, but not both.
Request parameters
| Parameter | Details |
|---|---|
| name | The identity provider name. |
| idpMetadataFile | Metadata file that contains information about the IDP. One can also specify the settings using idpMetadataUrl or bindingUrl, postBindingUrl, and certificate parameters alternatively. |
| idpMetadataUrl | Metadata URL that returns information about the IDP. |
| bindingUrl | The HTTP redirect binding IDP's URL that your organization uses to allow a member to sign in. |
| postBindingUrl | The HTTP POST binding IDP's URL that your organization uses to allow a member to sign in. |
| certificate | Base64-encoded certificate text used to validate metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. |
| logoutUrl | IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file). |
| entityId | Entity ID used to identify the organization in IDP. |
| signUpMode | Specifies whether enterprise members join the organization automatically or through an invitation. Values: Automatic | Invitation |
| encryptionSupported | If true, it indicates to the identity provider that encrypted SAML assertion responses are supported. The default is false. Values: true | false |
| roleId | the default role members are assigned. This is used when signUpMode is Automatic. |
| supportSignedRequest | If true, the organization signs the SAML authentication request sent to the IDP. The default is false. Values: true | false |
| useSHA256 | If true, the organization signs the request using the SHA-256 hash function. This is used when supportSignedRequest is true. The default is false. Values: true | false |
| supportsLogoutRequest | If true, signing out of the organization propagates logout of the IDP. The default is false. Values: true | false |
| level | Legacy:This parameter has been deprecated as of ArcGIS Enterprise 10.7 and the December 2018 update of ArcGIS Online. Users should instead use the userLicenseType parameter below. Default license level members are assigned. This is used when signUpMode is Automatic. |
| userLicenseType | Default user license type members are assigned. This is used when signUpMode is Automatic. |
| groups | An array of group members are added upon joining the organization. This is used when signUpMode is Automatic. Example |
| userCreditAssignment | Specific credit allocation for each joining member or to the default organization limit with -1. This is used when the organization has credit budgeting enabled. |
| updateProfileAtSignin | If true, automatically syncs user account information (that is, full name and email address) stored in your organization with the information received from the IDP. The default is false. Values: true | false |
| updateGroupsAtSignin | If true, enables SAML-based group membership that allows organization members to link specified SAML-based enterprise groups to your organization's groups during group creation. The default is false. Values: true | false |
| userType | Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly. Note:While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. This will have no impact on your ArcGIS Enterprise organization. Values: arcgisonly | both |
| f | The response format. The default format is html. Values: html | json | pjson |
Response properties
| Property | Details |
|---|---|
| success | Indicates if the operation was successful. |
| idpId | The ID of the organization IDP registration. |
JSON Response syntax
{
"success": true,
"idpId": "<idpId>"
}JSON Response example
{
"success": true,
"idpId": "wmwHndkeZHZxOg45"
}