I need clarification as to whether or not Esri supports federation for using an ArcGIS Online or Portal account to authenticate into a third-party identity provider (IDP) rather than using a third-party to authenticate into ArcGIS Online/Portal. All of the Esri federation documentation on the web is showing how to use federation to authenticate into Esri. I would like to use Esri to authenticate into a third-party IDP. Similar to "login with Google", I would like the ability to "login with Esri".
Below is what I'm looking for:
- Does Esri provide OpenId Connect userinfo endpoint in addition to OAuth named user login?
- If the answer to above is yes, then does the endpoint provide access to a persistent identifier for a user (data which is not volatile, ie. not a subject to change when user decides to change it)?
- If OpenId Connect userinfo is not a possibility, then:
- Can the enterprise login, more precisely SAML federation, be extended to expose ArcGIS enterprise identity as an Identity Provider for an external system?
