https://community.esri.com/t5/arcgis-online-questions/adding-enterprise-login-for-agol/m-p/679929#M33806 <HTML><HEAD></HEAD><BODY><P>thanks for your feedback Danny. We did get it done, it works great. AGO/ADFS via </P><P></P><P>in AD</P><P>-claims aware trust</P><P>-access control , permit specific group</P><P>-add relying party trust</P><P>-send LDAP attributes as claims</P><P>-dpwm;pad adfs federation metadata.xml</P><P></P><P>in AGO</P><P>-set enterprise login</P><P>-set identity provider via a&nbsp; metadata.xml file from-encrypt assertion, update profiles on sign in</P><P></P><P>then start inviting AGO members.</P></BODY></HTML> Thu, 16 May 2019 16:06:59 GMT CathleenAlmberg 2019-05-16T16:06:59Z https://community.esri.com/t5/arcgis-online-questions/adding-enterprise-login-for-agol/m-p/679927#M33804 <HTML><HEAD></HEAD><BODY><P>we too are changing our AGO member seats to active directory authentication. My question is, can ADFS/SAML be activated on JUST ONE active directory group? Does anyone out there in GIS world have a setup like this? I'm trying to gauge if this is common practice or if we are heading into uncharted waters.</P><P></P><P>your feedback is appreciated, thanks,</P><P>Cathy Almberg</P><P>GIS Specialist, City of Palm Coast FLorida</P><P><A href="mailto:calmberg@palmcoastgov.com">calmberg@palmcoastgov.com</A></P><P>386.986.3741</P></BODY></HTML> Tue, 08 Jan 2019 17:27:07 GMT https://community.esri.com/t5/arcgis-online-questions/adding-enterprise-login-for-agol/m-p/679927#M33804 CathleenAlmberg 2019-01-08T17:27:07Z https://community.esri.com/t5/arcgis-online-questions/adding-enterprise-login-for-agol/m-p/679928#M33805 <HTML><HEAD></HEAD><BODY><P>Cathy,</P><P>If I understand what you are asking, you want to know if you can limit the users who can sign in using SAML to your ArcGIS Online organization based on their membership in a particular AD group?</P><P></P><P>I would say the easiest way to accomplish this would be on the ADFS side of things using an Access Control Policy.&nbsp; See the following Microsoft doc on this:</P><P><A class="link-titled" href="https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-rule-to-permit-or-deny-users-based-on-an-incoming-claim" title="https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-rule-to-permit-or-deny-users-based-on-an-incoming-claim">Create a Rule to Permit or Deny Users Based on an Incoming Claim | Microsoft Docs</A>&nbsp;</P><P></P><P>-Danny</P></BODY></HTML> Tue, 08 Jan 2019 18:20:35 GMT https://community.esri.com/t5/arcgis-online-questions/adding-enterprise-login-for-agol/m-p/679928#M33805 DanielUrbach 2019-01-08T18:20:35Z https://community.esri.com/t5/arcgis-online-questions/adding-enterprise-login-for-agol/m-p/679929#M33806 <HTML><HEAD></HEAD><BODY><P>thanks for your feedback Danny. We did get it done, it works great. AGO/ADFS via </P><P></P><P>in AD</P><P>-claims aware trust</P><P>-access control , permit specific group</P><P>-add relying party trust</P><P>-send LDAP attributes as claims</P><P>-dpwm;pad adfs federation metadata.xml</P><P></P><P>in AGO</P><P>-set enterprise login</P><P>-set identity provider via a&nbsp; metadata.xml file from-encrypt assertion, update profiles on sign in</P><P></P><P>then start inviting AGO members.</P></BODY></HTML> Thu, 16 May 2019 16:06:59 GMT https://community.esri.com/t5/arcgis-online-questions/adding-enterprise-login-for-agol/m-p/679929#M33806 CathleenAlmberg 2019-05-16T16:06:59Z