Published by Nathaniel Greene. Modified over 7 years ago.
1
Using Your Own Authentication System with ArcGIS Online
Carsten Piepel
2
Overview
At the end of this demo theater you will know how to configure Enterprise logins, which will allow your organization’s users to log in to ArcGIS Online using the same logins that they use to access your enterprise information systems.
3
Account Creation Options for Adding Members
Built-in ArcGIS Accounts:
- Pre-create user accounts
- Invite users using pre-established usernames
- Invite existing users
Enterprise Accounts:
- Automatic account creation on first login
- By invitation
4
Why Enterprise Logins?
- No need to remember multiple logins
- Provide single sign-on user experience
- Simplify organizational change management
- Optionally eliminate need to invite users explicitly
- Enforce password policies not available in ArcGIS Online
5
Enterprise Login Concepts
- The Enterprise logins feature relies on the Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile
- SAML distinguishes three roles:
  - The principal: Typically a user, but could be an application as well
  - The service provider: Here, ArcGIS Online
  - The identity provider: Your organization’s authentication system
6
Prerequisites
- An ArcGIS Online organizational subscription
- A user store, e.g. Active Directory or LDAP
- An identity provider that supports SAML 2.0 Web Browser SSO Profile
- The following parameters:
  - Identity provider metadata URL, or
  - Identity provider metadata file, or
  - Identity provider metadata properties and X.509 certificate
7
Identity Provider
Certified identity providers for ArcGIS Online:
- Active Directory Federation Services (AD FS) 2.0 and later
- NetIQ Access Manager 3.2 and later
- OpenAM and later
- Shibboleth 3.2 and later
- SimpleSAMLphp 1.10 and later
Other identity providers that organizations are using successfully:
- CA SiteMinder
- Oracle Identity Manager
- Okta
8
Service Provider Initiated Logins
Diagram (participants: User, ArcGIS Service Provider, Identity Provider, Firewall):
(1) Request Access
(2) Redirect to Login URL
(3) Verify User Identity
(4) Redirect to Target URL (with SAML Assertion)
(5) Use ArcGIS Online
* Option to use ArcGIS Account
9
Identity Provider Initiated Logins
Diagram (participants: User, ArcGIS Service Provider, Identity Provider, Firewall):
(1) Sign-in
(2) Redirect to Target URL (with SAML Assertion)
(3) Use ArcGIS Online
* No option to use ArcGIS Account
10
Identity Provider Configuration
ArcGIS Online requires information to be included in the SAML assertion:
- Name ID: Username. ArcGIS Online username will be NameID_<url_key_for_org>
- Given Name (optional): The user’s full name, e.g. first and last name
- Address (optional): The user’s address
Set up your IDP to include this information in the SAML response.
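A check for the assertion contents listed above, added here as an example (not from the presentation or from Esri): it parses a decoded SAML response, confirms the NameID is present, derives the NameID_<url_key_for_org> username, and reports which optional attributes the IdP released. The attribute names givenName and address, the url key myorg, and the sample response are constructed assumptions; signature and validity-window checks are out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed, unsigned sample response; attribute names are assumptions.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="givenName">
        <saml:AttributeValue>Jane Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_assertion(xml_text, url_key, optional=("givenName", "address")):
    """Report what a decoded SAML response gives the service provider.

    Content inspection only: no signature, audience or expiry checks.
    """
    root = ET.fromstring(xml_text)
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError(f"expected one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    name_id = assertion.findtext("saml:Subject/saml:NameID",
                                 default="", namespaces=NS).strip()
    if not name_id:
        raise ValueError("NameID missing or empty; it is the username")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        if values:
            attrs[attr.get("Name")] = values[0]
    return {
        "username": f"{name_id}_{url_key}",  # NameID_<url_key_for_org>
        "present": {k: attrs[k] for k in optional if k in attrs},
        "missing_optional": [k for k in optional if k not in attrs],
    }


if __name__ == "__main__":
    print(check_assertion(SAMPLE_RESPONSE, "myorg"))
```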
11
Demonstration
12
Migrating to Enterprise Logins
- Not all apps support Enterprise logins
- Generally, Esri off-the-shelf apps work with Enterprise logins
- Be mindful of user’s content and group membership when migrating existing users to Enterprise logins
- Be mindful of not exceeding your named user limit
- Use tools:
  - ArcGIS Online Assistant
  - Geo Jobe AdminTools
13
Portal for ArcGIS
- In addition to SAML, also supports Enterprise logins via web-tier authentication or portal-tier authentication
- Available with Portal for ArcGIS 10.3 or later
- Offers Enterprise logins and Enterprise groups
- Group membership can be determined automatically based on LDAP or Active Directory groups
14
Help Resources
- Set up Enterprise Logins: online/administer/enterprise-logins.htm
- Configure Active Directory Federation Services: online/reference/configure-adfs.htm
- Migrating to enterprise logins: admin-wiki/wiki/Migrating-to-enterprise-logins
- Contact: