/[idpID]: IDP

  • URL:
    Without a registered IDP: https://[root]/portals/[portalID]/idp
    With a registered IDP: https://[root]/portals/[portalID]/idp/[idpID]
  • Operations: Register, Update, Unregister
  • Child Resources:

Example usage

Below is a sample ArcGIS Online request URL used to access the idp resource:

https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp

Once an IDP has been registered, the ID will be appended to the URL when viewing the JSON or PJSON view of the idp resource:

https://org.arcgis.com/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson

Below is a sample ArcGIS Enterprise request URL used to access the idp resource with a registered IDP:

https://machine.domain.com/webadaptor/sharing/rest/portals/0123456789ABCDEF/idp/wmwHndkeZHZxOg45?f=pjson

Description

Lists the organization's identity federation information configured using a single identity provider, such as Active Directory Federation Services (ADFS) 2.0 and later, Okta, NetIQ Access Manager 3.2 and later, OpenAM 10.1.0 and later, or Shibboleth 3.2 and later.

Request parameters

Parameter | Details
f

The response format. The default format is html.

Values: html | json | pjson

Response properties

Property | Details
id

The organization identity federation ID.

name

The identity provider name.

bindingUrl

The IDP's HTTP redirect binding URL that your organization uses to allow a member to sign in.

postBindingUrl

The IDP's HTTP POST binding URL that your organization uses to allow a member to sign in.

certificate

The base64-encoded certificate text used to validate the metadata service, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

logoutUrl

The IDP URL used to sign out a signed-in user (automatically set if the property is specified in the IDP metadata file).

entityId

The entity ID used to identify the organization in the identity provider.

signUpMode

The joining mode to the organization for enterprise members, either automatically or through an invitation.

Values: Automatic | Invitation

encryptionSupported

If true, it indicates to the identity provider that encrypted SAML assertion responses are supported.

Values: true | false

roleId

The default role that members are assigned. This property is used when signUpMode is Automatic.

supportSignedRequest

If true, the organization signs the SAML authentication request sent to the IDP.

Values: true | false

useSHA256

If true, the organization signs the request using the SHA-256 hash function. This property is used when supportSignedRequest is true.

Values: true | false

supportLogoutRequest

If true, signing out of the organization propagates logout of the IDP.

Values: true | false

groups

An array of groups that members are added to upon joining the organization. This property is used when signUpMode is Automatic.

Example

groups=["6dc1a6f134b44ebb8d1f1b55f0ad8753","538553267d36484daee14bf60105e119"]

userCreditAssignment

Used when the organization has credit budgeting enabled. Sets a specific credit allocation for each joining member, or applies the default organization limit when set to -1.

updateProfileAtSignin

If true, user account information (i.e. full name and email address) stored in your organization is automatically synced with the information received from the IDP.

Values: true | false

updateGroupsAtSignin

If true, it enables SAML based group membership that allows organization members to link specified SAML-based enterprise groups during group creation.

Values: true | false

userType

Determines if new members will have Esri access (both) or if Esri access will be disabled (arcgisonly). The default value is arcgisonly.

Note:

While this parameter only applies to ArcGIS Online, the value for this parameter will still be passed through in ArcGIS Enterprise requests for this operation. This will have no impact on your ArcGIS Enterprise organization.

Values: arcgisonly | both

userLicenseType

The default user license type that members are assigned. This property is used when signUpMode is Automatic.

JSON Response syntax


{
  "id": "<organization identity federation ID>",
  "name": "<IDP name>",
  "bindingUrl": "<path to redirect login URL>",
  "bindingPostUrl": "<path to post login URL>",
  "logoutUrl": "<path to logout URL>",
  "signUpMode": "Automatic | Invitation",
  "certificate": "<certificate text>",
  "encryptionSupported": <true | false>,
  "entityId": "<entity id>",
  "roleId": "<role id>",
  "supportSignedRequest": <true | false>,
  "useSHA256": <true | false>,
  "supportsLogoutRequest": <true | false>,
  "userCreditAssignment": -1,
  "groups": [
    "<group id 1>",
    "<group id 2>"
  ],
  "updateProfileAtSignin": <true | false>,
  "updateGroupsAtSignin": <true | false>,
  "userType": "<user type>",
  "userLicenseType": "<user license type ID>"
}

JSON Response example


{
  "id": "wmwHndkeZHZxOg45",
  "name": "My IDP",
  "bindingUrl": "https://redirectlogin.example.com",
  "bindingPostUrl": "https://postlogin.example.com",
  "logoutUrl": "https://logouturl.example.com",
  "signUpMode": "Automatic",
  "certificate": "",
  "encryptionSupported": false,
  "entityId": "org.maps.arcgis.com",
  "roleId": "org_user",
  "userLicenseType": "editorUT",
  "supportSignedRequest": true,
  "useSHA256": true,
  "supportsLogoutRequest": true,
  "userCreditAssignment": -1,
  "groups": [
    "920f779b7746422180304d840e66fa17",
    "bcc550e72f5c4312906fd4ca27999a8c"
  ],
  "updateProfileAtSignin": true,
  "updateGroupsAtSignin": false,
  "userType": null,
  "userLicenseType": null
}
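
The following is an added example, not part of the original page and not Esri code: a small review script that reads an idp response like the one above and reports settings worth a second look in a SAML hardening review. The function name, check identifiers and review policy are assumptions of this example; the sample values are copied from the page's JSON response example.

```python
from urllib.parse import urlparse

# Values copied from the page's JSON response example.
SAMPLE = {
    "id": "wmwHndkeZHZxOg45", "name": "My IDP",
    "bindingUrl": "https://redirectlogin.example.com",
    "bindingPostUrl": "https://postlogin.example.com",
    "logoutUrl": "https://logouturl.example.com",
    "signUpMode": "Automatic", "certificate": "",
    "encryptionSupported": False, "entityId": "org.maps.arcgis.com",
    "roleId": "org_user", "supportSignedRequest": True, "useSHA256": True,
    "supportsLogoutRequest": True,
    "groups": ["920f779b7746422180304d840e66fa17",
               "bcc550e72f5c4312906fd4ca27999a8c"],
}

def audit_idp(cfg):
    """Return (check_id, detail) findings; check ids and policy are this example's own."""
    findings = []
    # The page spells these two keys differently in its table and its JSON, so accept both.
    post_url = cfg.get("bindingPostUrl") or cfg.get("postBindingUrl")
    slo = cfg.get("supportsLogoutRequest", cfg.get("supportLogoutRequest"))
    for key, url in (("bindingUrl", cfg.get("bindingUrl")),
                     ("bindingPostUrl", post_url),
                     ("logoutUrl", cfg.get("logoutUrl"))):
        if url and urlparse(url).scheme != "https":
            findings.append(("non-https-url", key))
    if not (cfg.get("certificate") or "").strip():
        findings.append(("no-certificate", "certificate is empty"))
    if not cfg.get("supportSignedRequest"):
        findings.append(("unsigned-authn-request", "supportSignedRequest is false"))
    elif not cfg.get("useSHA256"):
        # useSHA256 only applies when supportSignedRequest is true.
        findings.append(("signature-not-sha256", "useSHA256 is false"))
    if not cfg.get("encryptionSupported"):
        findings.append(("assertions-not-encrypted", "encryptionSupported is false"))
    if not slo:
        findings.append(("no-idp-logout", "supportsLogoutRequest is false"))
    if cfg.get("signUpMode") == "Automatic":
        # Automatic mode assigns roleId and groups to every member who joins.
        detail = f"roleId={cfg.get('roleId')} groups={len(cfg.get('groups') or [])}"
        findings.append(("auto-join-grants", detail))
    return findings

if __name__ == "__main__":
    for check, detail in audit_idp(SAMPLE):
        print(f"{check}: {detail}")
```

To review a live organization, pass the parsed body of the `?f=json` response to `audit_idp` in place of `SAMPLE`.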