Join the UK Access Federation to enable Shibboleth authentication for UK Higher Education customers

Idea created by 1_hennermann on Oct 10, 2014
    New
    Score110
    We (Manchester University, UK) have an organizational ArcGIS Online subscription. I now want our users to be able to log into ArcGIS Online with their central university username and password. Our user accounts are managed centrally and exposed for federated access through Shibboleth. 

    There are two ways to implement Shibboleth authentication for UK Higher Education:

    (1) Esri's current procedure for setting up Shibboleth as identity provider for Enterprise Logins in ArcGIS Online: http://doc.arcgis.com/en/arcgis-online/reference/configure-shibboleth.htm
    This establishes a direct metadata trust between our University and ArcGIS Online. If there are multiple UK Higher Education customers (we have 200 HE institutions), each of them needs to implement this.

    (2) Esri could join the UK Access Management Federation (www.ukfederation.org.uk). UK universities normally ask cloud service providers to join the UK access federation rather than setting up a direct metadata trust. I understand the main benefit for the service provider (Esri) is that (a) being compliant with federation standards ensures attribute usage is consistent between IdP and service provider and (b) joining the federation makes federated access to ArcGIS.com available to all subscribing UK HE institutions in one go, instead of setting up each one individually.

    So, can Esri / ArcGIS.com please join the UK Access Management Federation?

    Related links:
    I initially raised this with Esri UK tech support, they asked me to post it here, arguing it is an enhancement request and not a technical fault.