Community
Select to view content in your preferred language

How to create an Enterprise Portal Item for secured AGOL service if authentication is SSO\SAML

221
4
Jump to solution
a week ago
KiwiGISmapster
by
Occasional Contributor
a week ago

If an organization using ArcGIS Online, implemented SSO\SAML authentication for access of their secured services, how would organizations using Enterprise Portal be able to create items using their service REST URL and embed credentials? Is embedding\storing credentials on portal services limited only to Built-in accounts?

Cheers,

Chris

0 Kudos
1 Solution

Accepted Solutions
RyanUthoff
by MVP Regular Contributor
MVP Regular Contributor
Wednesday

Not necessarily depending on your situation, it just depends on the cooperation of the other org. We actually do the exact same thing. You just need to request them to add your AGOL service account to the group the services are shared with.

For example: The other organization has services hosted on AGOL and adds those services to a group that they give our org access to. We request them to add our AGOL service account to their group. From there, we take their service and at it as an item on our Portal, and use the AGOL service account to store the credentials with it.

But like I said, that method would depend on the cooperation of the other org.

View solution in original post

0 Kudos
4 Replies
RyanUthoff
by MVP Regular Contributor
MVP Regular Contributor
a week ago

You are correct. Embedding/storing credentials on the Portal service (technically, the AGOL service that you are adding as an item on Portal) has to be with a built-in account. The built-in account would need to be on the AGOL side in your scenario.

I'd recommend a built-in "service" account on AGOL that you can use when storing the credentials on Portal. It would be used solely for storing credentials on services on Portal.

0 Kudos
KiwiGISmapster
by
Occasional Contributor
Wednesday

Thanks Ryan. Unfortunately, the AGOL services are owned by a different org. We are just users of those AGOL services. So seems this is hitting a brick wall for us then?

0 Kudos
RyanUthoff
by MVP Regular Contributor
MVP Regular Contributor
Wednesday

Not necessarily depending on your situation, it just depends on the cooperation of the other org. We actually do the exact same thing. You just need to request them to add your AGOL service account to the group the services are shared with.

For example: The other organization has services hosted on AGOL and adds those services to a group that they give our org access to. We request them to add our AGOL service account to their group. From there, we take their service and at it as an item on our Portal, and use the AGOL service account to store the credentials with it.

But like I said, that method would depend on the cooperation of the other org.

0 Kudos
KiwiGISmapster
by
Occasional Contributor
Wednesday

Hi Ryan, good point. We do have an AGOL subscription and a dedicated account for such external group membership. Totally forgot about that. Cheers for that

0 Kudos