Our organization uses SAML for access into the organization’s AGOL site. We’ve tried using the recommended Python methods of logging in but none have worked. Can someone please point me to info on how to log into AGOL using SAML in a Python script?
Hi Rey,
Is this the documentation you are looking at? Working with different authentication schemes | ArcGIS for Developers
This has worked well for me in the past. Once you have obtained the App Id after registering a new application with ArcGIS Online, you can copy the ID and paste it in your Python script where you are making the GIS object.
import arcgis
from arcgis.gis import GIS
# client_id is the App ID of the application registered with ArcGIS Online
gis = GIS("https://arcgis.com", client_id="myAppID")
After running this, a new window should open in your web browser prompting you to log in. Sign in using your enterprise logins, and then copy the OAuth2 approval code. Go back to your Python script, and paste the code in the prompt to finish initializing the GIS object.
You should only need one application code/client_id parameter for all users in your AD that want to sign into ArcGIS Online.
Does this work for you?
Calvin
Thanks Calvin! I will try this as soon as I can get back on the project. I will let you know the result.
Calvin, thanks for your suggestion. However, we require a non-interactive login.
Any update on this? We are looking to switch to SAML authentication for our ArcGIS Enterprise setup, and wondering how we will be able to perform scripted background tasks. We currently have a number of scripted tasks that run as service accounts, for example adding portal items harvested from another location, or adding features to a hosted feature service from a data feed. Currently these scripts retrieve a token from the REST endpoint with a username and password. Will that still work when we switch across to SAML?
As stated in the help document Calvin mentioned:
"Non-Interactive Login Experience
The recommended suggestion for non-interactive login scripts is to use the built-in identity provider instead of SAML."
Our portal is using SAML for internal staff, but we can create built-in users when needed. With the built-in named user you can log in by username and password.
Hope this information is useful.
Thanks simoxu.
Based on Calvin's suggestion to use a registered app with the portal, I've solved the method to allow a non-interactive SAML login.
1st, as an admin, register an app in the portal.
Open the app and obtain the app ID and app Secret.
import arcgis
from arcgis.gis import GIS
# Use https://arcgis.com or your own portal URL
gis = GIS("https://arcgis.com", client_id="myAppID", client_secret="myAppSecret")
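The app ID and secret login described in the post above, as an added example that is not part of the thread and not Esri's code: it shows the OAuth2 `client_credentials` exchange against the portal's `/sharing/rest/oauth2/token` endpoint using only the standard library, with the secret read from the environment instead of the script. The environment variable names, the `opener` parameter and the sample responses are assumptions made for this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Assumption: ArcGIS Online host; for ArcGIS Enterprise substitute your portal URL.
PORTAL = "https://www.arcgis.com"


def build_token_request(portal, client_id, client_secret, minutes=60):
    """Build the POST for the portal's OAuth2 app-login (client_credentials) endpoint."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        "expiration": minutes,  # requested token lifetime, in minutes
        "f": "json",
    }).encode()
    # Passing data= makes this a POST, so the secret stays out of URLs and access logs.
    url = portal.rstrip("/") + "/sharing/rest/oauth2/token"
    return urllib.request.Request(url, data=body)


def parse_token_response(raw, now=None):
    """Return (token, expiry_epoch). The REST API can report a failure as an
    'error' object in the response body, so check the body, not only the status."""
    doc = json.loads(raw)
    if "error" in doc:
        err = doc["error"]
        raise PermissionError(f"app login refused: {err.get('code')} {err.get('message')}")
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc["expires_in"])


def app_login(portal=PORTAL, opener=urllib.request.urlopen):
    """Non-interactive login with a registered app's ID and secret, read from
    the environment (hypothetical variable names) rather than the script."""
    req = build_token_request(
        portal, os.environ["AGOL_CLIENT_ID"], os.environ["AGOL_CLIENT_SECRET"])
    with opener(req, timeout=30) as resp:
        return parse_token_response(resp.read())


# Constructed sample responses (not captured from a real portal).
SAMPLE_OK = b'{"access_token": "CONSTRUCTED-TOKEN", "expires_in": 3600}'
SAMPLE_ERR = b'{"error": {"code": 400, "message": "Invalid client_id", "details": []}}'
```

The returned expiry lets a long-running background task request a fresh token before the old one lapses instead of failing mid-run.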
Thanks Graham. We experimented with something similar using app ID and app Secret although I don't think it was python. From memory the issue we had was that the permissions weren't fine-grained enough for what we were trying to do when using this method. Hope this works for what you need it to do.