Community
Select to view content in your preferred language

How to create a profile with SAML log-in

1818
12
02-28-2023 08:39 AM
ellipsol
by
Regular Contributor
‎02-28-2023 08:39 AM

I want to create a GIS profile for my SAML log-in, but it's giving me an error. I check the password is correct, and so is the user name. When I run the script below using my ArcGIS Log in, it works just fine. Does anyone know how to create a profile with a SAML log in?

Here is the general script:

 

from arcgis.gis import GIS
from other import pw
gis_profile = GIS("https://subdomain.maps.arcgis.com", "user@name", pw, profile="ArcGISOnlinePJ")

print("Profile defined for {}".format(gis_profile))

 

 

Here is the error:

ellipsol_0-1677602291433.png

 

Tags (2)
0 Kudos
12 Replies
by Anonymous User
Not applicable
‎02-28-2023 08:49 AM

I don't think you can add a single user of a SAML directory. You would need to integrate your entire SAML directory with ArcGIS Online first. Afterwards, you could then utilize accounts in the SAML organization with ArcGIS Online.

0 Kudos
ellipsol
by
Regular Contributor
‎02-28-2023 08:51 AM

We have integrated SAML logins for the whole company, but still keep ArcGIS logins. For whatever reason I'm not able to create a profile as of yet with my SAML account.

0 Kudos
PeterKnoop
by MVP Regular Contributor
MVP Regular Contributor
‎02-28-2023 10:07 AM

Login support for SAML accounts typically relies on an interactive login workflow that is not compatible with supplying your username and password directly to the GIS() method. Instead you need to use a different authentication scheme; ArcGIS supports the OAuth 2.0 standard.

Esri has a general example you can follow, User authentication with OAuth 2.0, which should enable you to leverage the single-sign-on method provided by your organization for SAML accounts.

While this approach is not compatible with GIS() profiles, having the url and client_id in the Python code is not as big of a security concern as having the password hardcoded there. So you don't need to use a profile.

Note that this approach only works for interactive logins. In general SAML accounts do not support non-interactive logins, so you cannot use this approach in, say, a scheduled Notebook.

ellipsol
by
Regular Contributor
‎03-13-2023 03:29 PM

Thank you, Peter. I should have mentioned my procedure runs multiple times an hour everyday so I need something  non-interactive.

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎03-13-2023 04:09 PM

what is the hourly chore?

0 Kudos
ellipsol
by
Regular Contributor
‎03-14-2023 08:08 AM

Incident data, @BillFox, do you have another idea?

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎03-14-2023 08:17 AM

is a live connection, join or append an option for your workflow?

0 Kudos
ellipsol
by
Regular Contributor
‎03-14-2023 08:23 AM

I do so much data wrangling with pandas that a live connection to the database would not be idle. I basically run truncate and add on the feature layer

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎03-14-2023 08:41 AM

if you did (live/join/append) could the wrangling be successfully done and automated on the other side of the fence?

0 Kudos