To integrate Centrify with ArcGIS Portal, we not only need config ArcGIS Portal, but also need config the attribute mapping in Centrify. If you want your Portal Group could integrate with SAML group, you have to pass the group attribute from Centrify response. The important mapping as below.
Once you have the above attribute mapping, you could check the response which would similar as below.
Once your ArcGIS Group integrates with the SAML group, you could find the SAML group from “My group” if you are a member of it.
If you want to get more attribute from Centrify, please refer to
https://docs.centrify.com/Content/IntegrationContent/Idaptive/idaptive-integration-steps.htm
https://docs.centrify.com/Content/Applications/AppsCustom/CustSamlApps.htm
Thanks for this Bing,
could you perhaps add a bit more detail, recognising that not every Centrify installation will be using the same fields for the information required by ArcGIS Enterprise.
ArcGIS (whether AGOL or Enterprise) requires a set of attributes within a SAML response:
When configuring the response Centrify sends to ArcGIS when a User authenticates, Centrify administrator is able to map the internal attribute names (e.g. LoginUser.Email) to the"attributes" in the response (e.g. Email in your example).
In Centrify's case, you need to check which of the inbuilt attributes are suitable to map to the "Groups" attribute in the response. As you show, there are two potential candidate attributes LoginUser.RoleNames or LoginUser.GroupNames - for your site, you chose GroupNames but this may be different at other sites.
Thank you Bing, good work.
Hello
In a related-but-unrelated issue we are facing an issue whereby we can't correctly pass the idaptive SAML attribute for "surname " into Portal 10.6.1.
We can easily pull it from iDaptive and include it in the SAML response using LoginUser.LastName
But no matter what we term this attribute portal fails to accept it. We've tried the following:
If anyone has successfully configured iDaptive against Portal please let us know.
Thanks
#idaptive #SAML #enteprise #portal10.6.1