Hello,
referring to this page https://developers.arcgis.com/python/guide/working-with-different-authentication-schemes/ , what is meant by "built-in identity provider" in this statement:
I'm trying to interact from python with feature layers that are stored on my enterprise account, we use OAuth2 with a IDP. I can't use the python API because I am not an administrator.. should I login with he REST API?
Solved! Go to Solution.
Hi @zx, so it looks like you are using SAML with SAML you will always have the token that you have to past in and for automation you have to use a built-in account.
if your login looks something like this blue button for SAML e.g. you windows and a ArcGIS login below then you have mixed mode setup for portal, otherwise you only have SAML.
your admin can find the setting under security if they are willing to turn mixed mode on.
If you have mixed mode then ask you company to create a normal portal user not SAML then move the content there and login normally
Windows Authentication IIS
```python```
from arcgis.gis import GIS
gis = GIS("https://your_dns/portal")
print(gis.version)
```python```
Built-In
```python```
from arcgis.gis import GIS
gis = GIS("https://your_dns/portal", username, password)
print(gis.version)
```python```
Kind Regards
Henry
Hi @zx,
The buil-in identity provider is the login system that comes by default e.g. when you log in using the below part this is using the buil-in identity provider when domain authentication is not setup.
On the ArcGIS API for Python .
You can still use it you will just have access to your own content when you are not Administrator.
Hello @HenryLindemann ,
Thanks for responding so quickly! What authentication method do you suggest for scripts that need to run in the background / are triggered from another process within an Enterprise Org? the gis.GIS class with application authentication prompts the user for OAuth2 like interaction, but that wont be possible with an automated script.
Hi @zx,
Can you give me some more information, maybe a sample of you script also do you log in with a domain account automatically e.g. SSO or do you use your phone, some screen shots will help me understand.
We use SSO with Microsoft. Im using the API for Python, Im curious if its possible to log in with 0 user interaction when OAuth2.0 is configured. Im talking about simple things like searching content on the portal, basic interactions with the API through python, just automated.
Hi @zx, so it looks like you are using SAML with SAML you will always have the token that you have to past in and for automation you have to use a built-in account.
if your login looks something like this blue button for SAML e.g. you windows and a ArcGIS login below then you have mixed mode setup for portal, otherwise you only have SAML.
your admin can find the setting under security if they are willing to turn mixed mode on.
If you have mixed mode then ask you company to create a normal portal user not SAML then move the content there and login normally
Windows Authentication IIS
```python```
from arcgis.gis import GIS
gis = GIS("https://your_dns/portal")
print(gis.version)
```python```
Built-In
```python```
from arcgis.gis import GIS
gis = GIS("https://your_dns/portal", username, password)
print(gis.version)
```python```
Kind Regards
Henry
Can you elaborate on:
I can't use the python API because I am not an administrator
You don't have to be an administrator to use the ArcGIS API for Python. "Regular" users can and do use it to interact with their AGOL or ArcGIS Enterprise/Portal content.
this is returned when logging in via the OAuth2 application authentication flow with the GIS() class.
we have custom roles which no longer allow us to interact with the API after upgrading to 10.8 - something that I think doesn't make sense, because we should only be able to change / add / update content that is owned by us anyway right?
Have you ever ran a script that was triggered automatically? how did you handle logging into the API? were you using SAML? which type of authentication scheme would you recommend?
What code, specifically, is generating that error? You say you upgraded to 10.8 and it broke, but it used to work with 10.7.x? Also, have you changed versions of Pro from when you tested before and testing now against 10.8?
gis = GIS('myportalURL', client_id = 'myClientID')
this code.
Note: I know that this seems to be a permissions issue, Im just wondering when Single Sign On is configured (OAuth2.0), what is the optimal route to log in to the API automatically, with zero User Interaction? this particular flow requires the user to paste the authorize code to get a token. but if I need to log in automatically that will not be possible.