ArcGIS REST API

Register IDP

Description

The register identity provider (IDP) operation (POST only) allows organization administrator to configure enterprise login using a single IDP. Configuring enterprise login allows members of your organization to sign in to ArcGIS Online using the same logins they use to access your enterprise information systems without creating additional logins within the ArcGIS Online system. ArcGIS Online is compliant with SAML 2.0 and integrates with IDPs that support SAML 2 web single sign-on for securely exchanging authentication and authorization data between your organization and ArcGIS Online as a service provider (SP). An ArcGIS Online organization can be set up using either a single IDP or a federation, but not both.

Request Parameters

ParameterDetails
[Common Parameters]

For a complete listing, see common parameters.

name

The identity provider name.

idpMetadataFile

Metadata file that contains information about the IDP. One can also specify the settings using idpMetadataUrl or bindingUrl, postBindingUrl and certificate parameters alternatively.

idpMetadataUrl

Metadata URL that returns information about the IDP.

bindingUrl

The HTTP redirect binding IDP's URL that ArcGIS Online uses to allow a member to sign in.

postBindingUrl

The HTTP POST binding IDP's URL that ArcGIS Online uses to allow a member to sign in.

certificate

Base64-encoded certificate text used to validate metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

logoutUrl

IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file).

entityId

Entity ID used to identify the ArcGIS Online organization in IDP.

signUpMode

Enterprise members joining mode to the organization, automatically or through an invitation.

Supported Values: Automatic | Invitation

encryptionSupported

If true, it indicates to the identity provider that encrypted SAML assertion responses are supported.

roleId

Default role members are assigned, used when signUpMode=Automatic.

supportSignedRequest

If true, organization signs the SAML authentication request sent to the IDP.

useSHA256

If true, organization signs request using SHA-256 hash function, used when supportSignedRequest=true.

supportLogoutRequest

If true, signing out of the organization propagates logout of the IDP.

userLicenseType

Default user license type members are assigned, used when signUpMode=Automatic.

groups

An array of groups members are added upon joining the organization, used when signUpMode=Automatic.

Example: ["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]

userCreditAssignment

Used when organization has credit budgeting enabled, specific credit allocation for each joining member or to the default organization limit with -1.

updateProfileAtSignin

If true, automatically sync user account information (i.e. full name and email address) stored in ArcGIS Online with the information received from the IDP.

updateGroupsAtSignin

If true, it enables SAML based group membership that allows organization members to link specified SAML-based enterprise groups to ArcGIS Online groups during group creation.

Response Properties

PropertyDetails
success

Indicates if the operation was successful.

idpId

The ID of the organization IDP registration.

Example Usage

URL for Register IDP

https://www.arcgis.com/sharing/rest/portals/J423vH8fR9HV444l/idp/register

JSON Response Syntax

{
	"success": true,
	"idpId": "<idpId>"
}

JSON Response Example

{
	"success": true,
	"idpId": "wmwHndkeZHZxOg45"
}