Community

Adding enterprise login for AGOL

442
2
01-08-2019 09:27 AM
CathleenAlmberg
by
New Contributor
‎01-08-2019 09:27 AM

we too are changing our AGO member seats to active directory authentication. My question is, can ADFS/SAML be activated on JUST ONE active directory group? Does anyone out there in GIS world have a setup like this? I'm trying to gauge if this is common practice or if we are heading into uncharted waters.

your feedback is appreciated, thanks,

Cathy Almberg

GIS Specialist, City of Palm Coast FLorida

calmberg@palmcoastgov.com

386.986.3741

0 Kudos
2 Replies
DanielUrbach
by
Occasional Contributor II
‎01-08-2019 10:20 AM

Cathy,

If I understand what you are asking, you want to know if you can limit the users who can sign in using SAML to your ArcGIS Online organization based on their membership in a particular AD group?

I would say the easiest way to accomplish this would be on the ADFS side of things using an Access Control Policy.  See the following Microsoft doc on this:

Create a Rule to Permit or Deny Users Based on an Incoming Claim | Microsoft Docs 

-Danny

0 Kudos
CathleenAlmberg
by
New Contributor
‎05-16-2019 09:06 AM

thanks for your feedback Danny. We did get it done, it works great. AGO/ADFS via

in AD

-claims aware trust

-access control , permit specific group

-add relying party trust

-send LDAP attributes as claims

-dpwm;pad adfs federation metadata.xml

in AGO

-set enterprise login

-set identity provider via a  metadata.xml file from-encrypt assertion, update profiles on sign in

then start inviting AGO members.

0 Kudos