idp's Introduction

IDP

Purpose: Instructions for configuring SAML-compliant Identity Providers in conjunction with an ArcGIS implementation.

Instructions

If you'd like to contribute to this repository, or have feedback regarding the content, you're welcome to create an Issue or contact our team via this email alias: [email protected]. For ArcGIS product support, please contact Esri Support.

We will review all submittals for content and clarity, but welcome any style of writing.

Info

This repo is being released in the first quarter of 2021, initially including a small subsection of all IDP documentation. If you cannot find the documentation you're looking for, please visit the ArcGIS documentation in the Useful Links section.

Esri does not maintain individual submittals to this repository. That which is published here is deemed accurate at the time of publication, for the software version(s) indicated.

Useful links

For general information about configuring SAML logins, please refer to the ArcGIS documentation pages:

ArcGIS Online https://doc.arcgis.com/en/arcgis-online/reference/faq.htm

ArcGIS Enterprise https://enterprise.arcgis.com/en/

Issues

Find a bug or want to request a new feature? Please let us know by submitting an issue.

Contributing

Esri welcomes contributions from anyone and everyone. Please see our guidelines for contributing.

Licensing

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

A copy of the license is available in the repository's license.txt file.

Tags: [] IDP [] Authentication

idp's People

Contributors

Stargazers

Watchers

idp's Issues

AWS Cognito: Did not receive `user profile` parameter from provider

We've just been through the Cognito guide on an ArcGIS Enterprise 10.9.1 and also on an ArcGIS online instance and the configuration seems to align to the guide as we expected.

However whenever a user attempts to sign in using cognito they successfully authenticate with cognito, and get redirected back to the ArcGIS enterprise site, but the following error is displayed

Any ideas on what is causing this or where we might have gone wrong?

Configure Google Workspace SAML IDP documentation does not describe how to add an attribute to carry email addresses over into ArcGIS Online

The Esri documentation for how to configure a SAML IDP using Google Workspace does not include steps to pass in email addresses to ArcGIS Online, which is crucial when setting up a log in for administrators, even though it is mentioned previously in the documentation that ArcGIS Online supports this.

When following the steps outlined in this documentation, the users will not have email addresses associated with their account, meaning that they cannot be Administrative Contacts and may see issues when attempting to change organization administrators to an account associated with this SAML IDP.

Esri documentation for setting up other SAML providers include steps for mapping givenName, surName, and mail attributes (examples: NetIQ Access Manager and Okta), but the Google Workspace documentation does not.

The steps to Add a Custom Attribute, fill out that Attribute for the user, and then add the Custom Attribute to the SAML attribute mapping are outlined in the steps below:

Create a Custom Attribute:.
- Google Admin > Home > Users panel, Manage > More Options > Manage Custom Attributes > Add Custom Attribute.
- Category: Email.
- Name: Email.
- Type: Email.
- No. of values: Single Value.
Fill out the Email attribute for the user.
- Google Admin > Users > Select user > Expand User Information > Scroll to Email and edit this to include the desired email address.
Add a new attribute in the Attribute Mapping setting of the SAML IDP (same process as Steps 20-21 here).
- Select the new Email attribute created above and save changes.
- After these steps are complete, ensure that Update profiles on log in is enabled in the ArcGIS Online organization (Organization tab > Settings > Security > Log ins, configure SAML Login > Advanced Settings), and now the email address will be populated in the account settings once users log out and log in back.

Esri Enterprise/Portal Configuration for AWS Cognito

Hello,

I noticed that you have compiled documentation for using AWS Cognito as an Identity Store for AGOL. Does such functionality and documentation exist for ArcGIS Enterprise? Thank you.

Cheers,
Blair

Recommend Projects

esri / idp Goto Github PK