Skip To Content

federation: Federation

  • URL:https://[root]/portals/[portalID]/idp/federation

Example usage

Below is a sample ArcGIS Online request URL used to access the federation resource:

https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp/federation?f=pjson

Below is a sample ArcGIS Enterprise request URL used to access the federation resource:

https://machine.domain.com/webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/federation?f=pjson

Description

List organization identity federation information configured using a federation of identity providers, such as SWITCHaai.

Request parameters

ParameterDetails
f

The response format. The default format is html.

Values: html | json | pjson

Response properties

PropertyDetails
id

The organization identity federation ID.

name

The SAML federation name.

discoveryServiceUrl

SAML federation discovery service URL.

metadataServiceUrl

SAML federation aggregate metadata service URL.

certificate

Base64-encoded certificate text used to validate metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

entityId

Entity ID used to identify the organization in SAML federation.

signUpMode

Enterprise members joining mode to the organization, automatically or through an invitation.

Supported values: Automatic | Invitation

encryptionSupported

If true, it indicates to SAML federation that encrypted SAML assertion responses are supported.

Values: true | false

roleId

The default role members are assigned, used when signUpMode is Automatic.

supportSignedRequest

If true, your organization signs the SAML authentication request sent to the IDP federation.

Values: true | false

useSHA256

If true, your organization signs requests using the SHA-256 hash function, applicable when supportSignedRequest is true.

Values: true | false

supportsLogoutRequest

If true, signing out of the organization also prompts logout of the IDP.

Values: true | false

userLicenseType

The default user license type members are assigned, used when signUpMode is Automatic.

groups

An array of groups members are added upon joining the organization, used when signUpMode=Automatic.

Example

"groups": ["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]
updateProfileAtSignin

If true, the user account information (full name and email address) stored in your organization is automatically synced with the information received from the IDP.

Values: true | false

JSON Response syntax


{
  "id": "<organization identity federation ID>",
  "name": "<SAML federation name>",
  "discoveryServiceUrl": "<path to discovery service>",
  "metadataServiceUrl": "<path to metadata service>",
  "certificate": "<certificate text>",
  "entityId": "<entity id>",
  "signUpMode": "Automatic | Invitation"
  "encryptionSupported": true | false,
  "roleId": "<role id>",
  "supportSignedRequest": true | false,
  "useSHA256": true | false,
  "supportsLogoutRequest": true | false,
  "userLicenseType": "<user license type ID>",
  "groups": "["group id1", "group id2"]",
  "updateProfileAtSignin": true | false
}

JSON Response example


{
  "id": "WXpNWCKvSxNJ8K7D",
  "name": "My SAML federation",
  "discoveryServiceUrl": "https://discovery.example.com",
  "metadataServiceUrl": "https://metadata.example.com",
  "certificate": "",
  "entityId": "org.maps.arcgis.com",
  "signUpMode": "Automatic",
  "encryptionSupported": false,
  "roleId": "org_user",
  "supportSignedRequest": false,
  "supportsLogoutRequest": false,
  "userLicenseType": "editorUT",
  "groups": "["6dc1a6f134b44ebb8d1f1b55f0ad8753"]",
  "updateProfileAtSignin": true
}