- URL:
  Without a registered IDP
  https://[root]/portals/[portalID]/idp
  With a registered IDP
  https://[root]/portals/[portalID]/idp/[idpID]
- Operations: Register, Update, Unregister
- Child Resources:
Example usage
Below is a sample ArcGIS Online request URL used to access the idp resource:
https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp
Once an IDP has been registered, the ID will be appended to the URL when viewing the JSON or PJSON view of the idp resource:
https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson
Below is a sample ArcGIS Enterprise request URL used to access the idp resource with a registered IDP:
https://machine.domain.com/webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson
Description
Lists organization identity federation information configured using a single identity provider, such as Active Directory Federation Services (ADFS) 2.0 and later, Okta, NetIQ Access Manager 3.2 and later, OpenAM 10.1.0 and later, or Shibboleth 3.2 and later.
Request parameters
Parameter | Details |
---|---|
f | The response format. The default format is html. Values: html \| json \| pjson |
Response properties
Property | Details |
---|---|
id | The organization identity federation ID. |
name | The identity provider name. |
bindingUrl | The HTTP redirect binding IDP's URL that your organization uses to allow a member to sign in. |
postBindingUrl | The HTTP POST binding IDP's URL that your organization uses to allow a member to sign in. |
certificate | A base64-encoded certificate text used to validate metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. |
logoutUrl | The IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file). |
entityId | The entity ID used to identify the organization in the identity provider. |
signUpMode | The joining mode to the organization for enterprise members, either automatically or through an invitation. Values: Automatic \| Invitation |
encryptionSupported | If true, it indicates to the identity provider that encrypted SAML assertion responses are supported. Values: true \| false |
roleId | The default role members are assigned. This property is used when signUpMode is Automatic. |
supportSignedRequest | If true, the organization signs the SAML authentication request sent to the IDP. Values: true \| false |
useSHA256 | If true, the organization signs the request using the SHA-256 hash function. Used when supportSignedRequest is true. Values: true \| false |
supportLogoutRequest | If true, signing out of the organization propagates logout of the IDP. Values: true \| false |
groups | An array of groups that members are added to upon joining the organization. Used when signUpMode is Automatic. |
userCreditAssignment | Used when the organization has credit budgeting enabled. Sets a specific credit allocation for each joining member, or -1 for the default organization limit. |
updateProfileAtSignin | If true, user account information (i.e. full name and email address) stored in your organization is automatically synced with the information received from the IDP. Values: true \| false |
updateGroupsAtSignin | If true, it enables SAML-based group membership that allows organization members to link specified SAML-based enterprise groups during group creation. Values: true \| false |
userType | Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly. Note: While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. This will have no impact on your ArcGIS Enterprise organization. Values: arcgisonly \| both |
userLicenseType | The default user license type members are assigned, used when signUpMode is Automatic. |
JSON Response syntax
{
  "id": "<organization identity federation ID>",
  "name": "<IDP name>",
  "bindingUrl": "<path to redirect login URL>",
  "bindingPostUrl": "<path to post login URL>",
  "logoutUrl": "<path to logout URL>",
  "signUpMode": "Automatic | Invitation",
  "certificate": "<certificate text>",
  "encryptionSupported": <true | false>,
  "entityId": "<entity id>",
  "roleId": "<role id>",
  "supportSignedRequest": <true | false>,
  "useSHA256": <true | false>,
  "supportsLogoutRequest": <true | false>,
  "userCreditAssignment": -1,
  "groups": [
    "<group id 1>",
    "<group id 2>"
  ],
  "updateProfileAtSignin": <true | false>,
  "updateGroupsAtSignin": <true | false>,
  "userType": <user type>,
  "userLicenseType": "<user license type ID>"
}
JSON Response example
{
  "id": "wmwHndkeZHZxOg45",
  "name": "My IDP",
  "bindingUrl": "https://redirectlogin.example.com",
  "bindingPostUrl": "https://postlogin.example.com",
  "logoutUrl": "https://logouturl.example.com",
  "signUpMode": "Automatic",
  "certificate": "",
  "encryptionSupported": false,
  "entityId": "org.maps.arcgis.com",
  "roleId": "org_user",
  "userLicenseType": "editorUT",
  "supportSignedRequest": true,
  "useSHA256": true,
  "supportsLogoutRequest": true,
  "userCreditAssignment": -1,
  "groups": [
    "920f779b7746422180304d840e66fa17",
    "bcc550e72f5c4312906fd4ca27999a8c"
  ],
  "updateProfileAtSignin": true,
  "updateGroupsAtSignin": false,
  "userType": null,
  "userLicenseType": null
}
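The following added example, which is not part of the original documentation, audits a parsed idp JSON response for settings a security review would want to look at, using the key names from the JSON response example above. The `audit_idp` helper, the `allowed_auto_roles` policy and the sample response are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample, modelled on the response example above with weaker settings.
SAMPLE_IDP = json.loads("""
{
  "id": "wmwHndkeZHZxOg45",
  "name": "My IDP",
  "bindingUrl": "http://redirectlogin.example.com",
  "bindingPostUrl": "https://postlogin.example.com",
  "logoutUrl": "https://logouturl.example.com",
  "signUpMode": "Automatic",
  "encryptionSupported": false,
  "roleId": "org_admin",
  "supportSignedRequest": true,
  "useSHA256": false,
  "groups": ["920f779b7746422180304d840e66fa17"]
}
""")

URL_KEYS = ("bindingUrl", "bindingPostUrl", "logoutUrl")


def audit_idp(idp, allowed_auto_roles=("org_user",)):
    """Return (property, finding) tuples for settings worth reviewing.

    allowed_auto_roles is an assumed local policy: the roles that members
    joining automatically may receive without further review.
    """
    findings = []
    for key in URL_KEYS:
        url = idp.get(key)
        if url and urlparse(url).scheme.lower() != "https":
            findings.append((key, f"not HTTPS: {url}"))
    if not idp.get("supportSignedRequest"):
        findings.append(("supportSignedRequest", "SAML authentication requests are not signed"))
    elif not idp.get("useSHA256"):
        findings.append(("useSHA256", "signed requests do not use SHA-256"))
    if not idp.get("encryptionSupported"):
        findings.append(("encryptionSupported", "support for encrypted assertions is not indicated to the IDP"))
    if idp.get("signUpMode") == "Automatic":
        role = idp.get("roleId")
        if role not in allowed_auto_roles:
            findings.append(("roleId", f"automatically joined members get role {role!r}"))
        if idp.get("groups"):
            findings.append(("groups", f"automatically joined members are added to {len(idp['groups'])} group(s)"))
    return findings
```

Calling `audit_idp(SAMPLE_IDP)` returns findings for `bindingUrl`, `useSHA256`, `encryptionSupported`, `roleId` and `groups`, in that order.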