- URL:https://[root]/portals/[portalID]/idp/federation
Example usage
Below is a sample ArcGIS Online request URL used to access the federation resource:
https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp/federation?f=pjsonBelow is a sample ArcGIS Enterprise request URL used to access the federation resource:
https://machine.domain.com/webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/federation?f=pjsonDescription
List organization identity federation information configured using a federation of identity providers, such as SWITCHaai.
Request parameters
| Parameter | Details |
|---|---|
| f | The response format. The default format is html. Values: html | json | pjson |
Response properties
| Property | Details |
|---|---|
| id | The organization identity federation ID. |
| name | The SAML federation name. |
| discoveryServiceUrl | SAML federation discovery service URL. |
| metadataServiceUrl | SAML federation aggregate metadata service URL. |
| certificate | Base64-encoded certificate text used to validate metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. |
| entityId | Entity ID used to identify the organization in SAML federation. |
| signUpMode | Enterprise members joining mode to the organization, automatically or through an invitation. Supported values: Automatic | Invitation |
| encryptionSupported | If true, it indicates to SAML federation that encrypted SAML assertion responses are supported. Values: true | false |
| roleId | The default role members are assigned, used when signUpMode is Automatic. |
| supportSignedRequest | If true, your organization signs the SAML authentication request sent to the IDP federation. Values: true | false |
| useSHA256 | If true, your organization signs requests using the SHA-256 hash function, applicable when supportSignedRequest is true. Values: true | false |
| supportsLogoutRequest | If true, signing out of the organization also prompts logout of the IDP. Values: true | false |
| userLicenseType | The default user license type members are assigned, used when signUpMode is Automatic. |
| groups | An array of groups members are added upon joining the organization, used when signUpMode=Automatic. Example |
| updateProfileAtSignin | If true, the user account information (full name and email address) stored in your organization is automatically synced with the information received from the IDP. Values: true | false |
JSON Response syntax
{
"id": "<organization identity federation ID>",
"name": "<SAML federation name>",
"discoveryServiceUrl": "<path to discovery service>",
"metadataServiceUrl": "<path to metadata service>",
"certificate": "<certificate text>",
"entityId": "<entity id>",
"signUpMode": "Automatic | Invitation"
"encryptionSupported": true | false,
"roleId": "<role id>",
"supportSignedRequest": true | false,
"useSHA256": true | false,
"supportsLogoutRequest": true | false,
"userLicenseType": "<user license type ID>",
"groups": "["group id1", "group id2"]",
"updateProfileAtSignin": true | false
}JSON Response example
{
"id": "WXpNWCKvSxNJ8K7D",
"name": "My SAML federation",
"discoveryServiceUrl": "https://discovery.example.com",
"metadataServiceUrl": "https://metadata.example.com",
"certificate": "",
"entityId": "org.maps.arcgis.com",
"signUpMode": "Automatic",
"encryptionSupported": false,
"roleId": "org_user",
"supportSignedRequest": false,
"supportsLogoutRequest": false,
"userLicenseType": "editorUT",
"groups": "["6dc1a6f134b44ebb8d1f1b55f0ad8753"]",
"updateProfileAtSignin": true
}