Enterprise Python Authentication

1281
10
Jump to solution
02-02-2021 06:32 PM
zx
by
New Contributor II

Hello,

referring to this page https://developers.arcgis.com/python/guide/working-with-different-authentication-schemes/ , what is meant by "built-in identity provider" in this statement:noninteractive.PNG

I'm trying to interact from python with feature layers that are stored on my enterprise account, we use OAuth2 with a IDP. I can't use the python API because I am not an administrator.. should I login with he REST API? 

0 Kudos
1 Solution

Accepted Solutions
HenryLindemann
Esri Contributor

Hi @zx, so it looks like you are using SAML with SAML you will always have the token that you have to past in and for automation you have to use a built-in account.

HenryLindemann_4-1612766189829.png

 

if your login looks something like this blue button for SAML e.g. you windows and a ArcGIS login below then you have mixed mode setup for portal, otherwise you only have SAML.

HenryLindemann_1-1612765568078.png

your admin can find the setting under security if they are willing to turn mixed mode on.

HenryLindemann_2-1612765899193.png

If you have mixed mode then ask you company to create a normal portal user not SAML then move the content there and login normally 

HenryLindemann_3-1612766045570.png

 

Windows Authentication IIS

```python```

 from arcgis.gis import GIS
gis = GIS("https://your_dns/portal")
print(gis.version)

```python```

Built-In 

```python```

 from arcgis.gis import GIS
gis = GIS("https://your_dns/portal",  username,  password)
print(gis.version)

```python```

Kind Regards

Henry

 

View solution in original post

0 Kudos
10 Replies
HenryLindemann
Esri Contributor

Hi @zx,

The buil-in identity provider is the login system that comes by default e.g. when you log in  using the below part this is using the buil-in identity provider when domain authentication is not setup.

HenryLindemann_0-1612331531505.png

 

On the ArcGIS API for Python .

You can still use it you will just have access to your own content when you are not Administrator.

 

zx
by
New Contributor II

Hello @HenryLindemann ,

Thanks for responding so quickly! What authentication method do you suggest for scripts that need to run in the background / are triggered from another process within an Enterprise Org? the gis.GIS class with application authentication prompts the user for OAuth2 like interaction, but that wont be possible with an automated script. 

 

0 Kudos
HenryLindemann
Esri Contributor

Hi @zx,

Can you give me some more information, maybe a sample of you script also do you log in with a domain account automatically e.g. SSO  or do you use your phone, some screen shots will help me understand.

0 Kudos
zx
by
New Contributor II

@HenryLindemann ,

We use SSO with Microsoft. Im using the API for Python, Im curious if its possible to log in with 0 user interaction when OAuth2.0 is configured. Im talking about simple things like searching content on the portal, basic interactions with the API through python, just automated. 

0 Kudos
HenryLindemann
Esri Contributor

Hi @zx, so it looks like you are using SAML with SAML you will always have the token that you have to past in and for automation you have to use a built-in account.

HenryLindemann_4-1612766189829.png

 

if your login looks something like this blue button for SAML e.g. you windows and a ArcGIS login below then you have mixed mode setup for portal, otherwise you only have SAML.

HenryLindemann_1-1612765568078.png

your admin can find the setting under security if they are willing to turn mixed mode on.

HenryLindemann_2-1612765899193.png

If you have mixed mode then ask you company to create a normal portal user not SAML then move the content there and login normally 

HenryLindemann_3-1612766045570.png

 

Windows Authentication IIS

```python```

 from arcgis.gis import GIS
gis = GIS("https://your_dns/portal")
print(gis.version)

```python```

Built-In 

```python```

 from arcgis.gis import GIS
gis = GIS("https://your_dns/portal",  username,  password)
print(gis.version)

```python```

Kind Regards

Henry

 

0 Kudos
JoshuaBixby
MVP Esteemed Contributor

Can you elaborate on:

I can't use the python API because I am not an administrator

You don't have to be an administrator to use the ArcGIS API for Python.  "Regular" users can and do use it to interact with their AGOL or ArcGIS Enterprise/Portal content.

zx
by
New Contributor II

@JoshuaBixby 

this is returned when logging in via the OAuth2 application authentication flow with the GIS() class. 

customroles.PNG

we have custom roles which no longer allow us to interact with the API after upgrading to 10.8 - something that I think doesn't make sense, because we should only be able to change / add / update content that is owned by us anyway right? 

Have you ever ran a script that was triggered automatically? how did you handle logging into the API? were you using SAML? which type of authentication scheme would you recommend? 

 

0 Kudos
JoshuaBixby
MVP Esteemed Contributor

What code, specifically, is generating that error?  You say you upgraded to 10.8 and it broke, but it used to work with 10.7.x?  Also, have you changed versions of Pro from when you tested before and testing now against 10.8?

zx
by
New Contributor II

@JoshuaBixby 

gis = GIS('myportalURL', client_id = 'myClientID')

this code. 

Note: I know that this seems to be a permissions issue, Im just wondering when Single Sign On is configured (OAuth2.0), what is the optimal route to log in to the API automatically, with zero User Interaction? this particular flow requires the user to paste the authorize code to get a token. but if I need to log in automatically that will not be possible. 

0 Kudos