Latest Contributions by GeriMiller

We wanted to ensure that everyone saw the below, and communicated it to your IT collaborators, as it will impact anyone using ArcMap versions prior to 10.7, and ArcGIS Pro versions prior to 1.3, when making connections to ArcGIS Online.  ArcGIS Enterprise, some client apps and custom third-party applications built on ArcGIS Runtime, depending on versions, may get affected also.   Though unfortunately this important security update does not comply with our academic calendars, action must be taken to ensure smooth transition… please visit the main TLS page for further details and next steps.   Thank you and feel free to post any questions on GeoNet – this is a page dedicated to this update.   Q. I have ArcGIS Pro 2.3, am I ready to go for April 16? A. Yes.   Q. I have ArcGIS Pro 1.2 and earlier, am I ready to go for April 16? A. No, action must be taken.   Q. I have ArcGIS Map 10.7, am I ready to go for April 16? A. Yes.   Q. I have ArcGIS Map 10.6.1 and earlier, am I ready to go for April 16? A. No, action must be taken. A2. Perhaps an opportunity to update workflows to ArcGIS Pro.   Q. I have ArcGIS Enterprise version 10.6, am I ready to go for April 16? A. It depends, likely action must be taken. Version of Portal for ArcGIS higher than 10.4.1 are unaffected. Versions of ArcGIS Server are dependent on underlining OS. From: Esri <newsletter@esri.com> Subject: Reminder! Immediate Action Required — ArcGIS Security Update   On April 16, 2019, we are making an important configuration change to ArcGIS for TLS support.     View email in web browser. Important Update for ArcGIS and TLS Esri is committed to providing strong security for the ArcGIS platform by using the latest industry standards and best practices for security protocols. To meet these requirements, starting April 16, 2019, we are updating ArcGIS Online to enforce the use of TLS (Transport Layer Security) version 1.2 only. This date has been adjusted due to the partial shutdown of the US Federal Government and customer feedback. This update is likely to affect most ArcGIS software and customer solutions. If you have not updated and validated your system's support for TLS v1.2 only, you may lose your ability to connect to ArcGIS Online. More details about Esri's support for TLS, including patches and instructions for updating software, can be found by visiting support.esri.com/en/tls. Who Is Affected? Users of most ArcGIS software or custom solutions using Esri technology may be affected by this planned update to TLS protocol v1.2. What Do I Need to Do? Go to the Esri TLS Support page for information, patches, and instructions for updating software for TLS v1.2. Patches for all versions of ArcGIS Desktop back to 10.2.1 are now available. How Do I Validate My Systems Beforehand? Esri is providing a validation web service that can be used to quickly verify that ArcGIS Desktop will work when TLS v1.2 only is enforced. Esri is also providing validation services for customers utilizing third-party apps and custom components including map services, geocoding services, and basemap services. Information about these validation services is available on the support site link above. If this email is not applicable to you, please forward it to the one who manages your ArcGIS software or custom solutions using Esri technology. Read More You received this because of the impact of this announcement on your organization. Update your subscription preferences. Esri.com | Privacy | Contact Us Copyright © 2019 Esri. All rights reserved. Esri, 380 New York Street, Redlands, CA 92373, USA. ... View more

Hi Everyone,   If you use the ArcGIS API for Python to script provisioning of ArcGIS licensing, please read on…   As you may know, yesterday there was an update to ArcGIS Online. In conjunction, there was a release of the ArcGIS API for Python, version 1.5.2, which included better support for the new user types.   We recommend updating to version 1.5.2 of the Python API, which is now available on the Esri conda channel. Note, the developer website will NOT go live until Monday. Please take a look at the following blog for more information.   Please note that the name of the AppStudio entitlement has changed – it used to be “AppStudio for ArcGIS Standard”. Now it is “AppStudio for ArcGIS”. The key, “appstudiostd” stays the same. Please update your scripts accordingly, if you are currently provisioning AppStudio for ArcGIS Standard. Side note, this is to reflect a change of licensing for AppStudio – moving forward, and once migrated to the new institution agreement/site license, AppStudio Basic will be available to anyone via ArcGIS Online, while AppStudio Standard will be licensed through the ArcGIS Developer Subscription only. Further information can be found here.   Thanks to University of Michigan, University of Minnesota and Virginia Tech for testing early and confirming the above.   Let us know if you have any questions. ... View more

Simply sharing, AWS/Azure/GCP resources for research and teaching use - web meeting/presentations for instructional and research use, along with discussed resources.     Meeting recording and presentations AWS Educate   Google Cloud Platform Education Credits      Please let us know if we can be of further help.   ... View more

Dear Colleagues:   You have likely seen information about the new User Types coming out in the December 4th release of ArcGIS Online. Some of you have asked how these new User Types will affect Education program offerings, therefore we wanted to provide an update.   Overall, not much will change immediately for those of us with Education program licenses, such as Site/Institution licenses, Lab Kit/Academic Department licenses, or Schools bundles.  However, these changes lay the groundwork for streamlining ArcGIS administration even further and we will see additional changes in the coming months.   What is changing in this December 4 th release:   Level 1 named users will automatically be converted to Viewer User type. Level 2 named users will automatically be converted to a Creator User type. All capabilities of each user type remain the same. Roles remain the same (Administrator, Publisher, User, Custom Roles, etc.). An updated look/interface and updated Licenses and Members pages and workflows.   For existing users, any already assigned licenses/entitlements will remain assigned. For new users, licenses/entitlements of ArcGIS Pro and other apps (Business Analyst, Insights, etc.) will need to be assigned, as before.   Additional information on changes in this December 4 th release can be found here.   What does the introduction of the new User Types mean over the coming months (i.e. future releases):   We anticipate additional changes in the March 2019 ArcGIS Online release which will provide the ability to configure additional app assignments in enterprise login settings. We will continue to work towards automated provisioning of all apps included in Education program offerings so you can easily and efficiently provide your users with access to the full capabilities of ArcGIS.   In summary, this December release introduces some exciting new changes, and will see additional changes over the coming months. In the meantime, we continue to recommend enabling enterprise logins, if you haven’t yet, and following these best practices for administering ArcGIS.   Please let us know if you have any questions, feel free to post here. ... View more

Simply sharing 3D/Lidar resources - huge thanks to Geoff Taylor (Esri) and Christine Wacta (SCAD) for their inspirational presentations in a webinar focused on 3D and Lidar workflows and tools, and for their willingness to share content. Below are the resources we discussed:   3DLidar - 11-7-2018 web meeting – containing the PPTs Geoff and Christine shared, along with a recording of the webinar Yale_NYU workshops – containing materials (data, instructions) from the day-long 3D/Lidar workshops ... View more

We often get asked about the differences between My Esri and ArcGIS Online accounts in educational settings, and how the two are related. We wanted to document a few items to keep in mind - indeed, they are two different accounts, which could bring confusion. My Esri - portal to manage your customer account information:      Update contact and account information.      Review order history and maintenance status.      Access license information and generate provisioning files for users.      Access software downloads.      Create technical support cases.      Manage conference registrations.      Add users with customizable access levels, including adding users for Esri Training and GeoNet access (though not necessarily recommended to add students/faculty/staff for purpose of providing access to Esri Training, GeoNet, etc., more below).      Your My Esri account is your identity to My Esri – this is your customer record. ArcGIS (ArcGIS Online or ArcGIS Enterprise) named user account:      Your ArcGIS account is your identity in the organization/portal, it is how you get access to ArcGIS Online and are provided various privileges and capabilities to work with ArcGIS, depending on your role (User, Publisher, Administrator, etc.).        If you enable Esri Access for an ArcGIS Online account, users can access Esri Training and GeoNet with their ArcGIS Online credentials. Hopefully those are enterprise accounts – i.e. your organization in Educational setting has enterprise logins enabled (SSO).      If you are an Administrator, this ArcGIS account is used to grant entitlements for SAAS products (apps, ArcGIS Pro, etc.), also to enable Esri Access, and a number of other functions.      This account stays with your institution, however, you may transfer any Training History to a personal (or other) account by reaching out to Esri Customer Service. A few additional facts:      If you already have Esri account for training, enabling Esri Access on ArcGIS Online account is not going to link that ArcGIS Online account to any existing Esri account (and to the training history, support, event registration, etc. associated with it)      An individual could have Esri account tied to a personal email address, so that they can retain their training history after they leave the institution.      If you are a student or faculty/staff, you can be linked to your institution’s My Esri (customer record). Note that we don’t necessarily recommend this, unless this individual will be helping with management of downloads files, generation of provisioning files, calling Technical Support, and other similar functions.      If you have purchased a license from Esri (Personal Use, Student Use), you will have your own Esri organization.      Therefore, you may have multiple Esri accounts.      A single email address may be tied to multiple ArcGIS Online accounts, but to only one Esri account (Exception: ".edu" and ".esri.com" emails may have multiple).      When logging to Esri Training or GeoNet, one must use (a) an Esri Account, or (b) an ArcGIS Online account with Esri Access enabled. Recommendations/Considerations:      There are various approaches for management, but we typically don’t recommend adding students to the My Esri organization, as this would impose manual admin work to grant such access, and work for students to accept email invitations the correct way and with the correct account, and to keep track of which account is used for what. This may appear to be an acceptable option for managing a class or two, but not for empowering your whole institution to use ArcGIS.      We do recommend enabling Esri Access via ArcGIS Online accounts – if an institution has implemented enterprise logins, this is an automated process for anyone joining the organization (no additional work for admin or students).      Additional information for recommended way to share downloads/executables/provisioning files is here, so that it does not have to be done through My Esri for everyone in an institution.      Any of the above options make it challenging to retain Training History (certifications from courses, etc.) – the solution for now, for whoever wishes to preserve their training history upon leaving the institution, is to reach out to Customer Service and request their training history be transferred from their institutional ArcGIS account to a public one. ... View more

Huge thanks to Ryan Danzey (Esri), Richard Tsung (USC),  Duffy Chisholm (UCR) and Hoori Ajami (UCR) for sharing their experiences in virtualizing ArcGIS Pro!!!   The recording and slides are located  here.    Below are a couple of resources for what we discussed - be on the lookout for a blog and further resources coming up on AWS AppStream! ArcGIS Pro Cloud Virtualization (AWS, Azure) ArcGIS Pro On-Premises Virtualization AWS Educate   Please post any questions or further follow up here.  ... View more

Simply sharing, if you have not seen the following resources, covering a great variety of capabilities and topics with Esri platform.   YouTube - 50 Tech Workshops are publicly available to share with your faculty/staff/students Slides - PDF versions of the PowerPoint slides from each workshop (Esri Events Proceedings page)   Along the same lines, the 2018 Esri Developer Summit offerings are here. ... View more

For those of you interested, and if you have not seen this already, this Story Maps and the Digital Humanities collection contains some inspirational examples of humanities/education/academic oriented story maps.  It is a companion to Allen Carrol's recent blog post on this topic. Enjoy. ... View more

*Updated 2023 We often get asked “I’d like my students, staff or faculty to use ArcGIS Pro, what is the best way to distribute the executable or the license file?” This applies to any other Esri application that needs to be downloaded and installed, such as ArcGIS CityEngine, ArcGIS Enterprise, ArcGIS Drone2Map, etc. License files: With Modern GIS, licenses are managed through an ArcGIS named user account linked to an individual rather than through a license file linked to a device. Hence, it is crucial that organizations implement SAML logins for efficient access to all ArcGIS apps, including ArcGIS Pro. There will be no need for sharing ArcGIS Pro license files, as Single Use and Concurrent Use licensing will not be available. Certain applications, including ArcGIS Enterprise, ArcGIS Business Analyst, and ArcGIS StreetMap Premium, still require a license file. Our recommendation is to use your existing software distribution mechanisms or institutional file share system to distribute those license files (OneDrive, Box, Google Drive, etc.). Executables (installer files): We recommended that ArcGIS Pro be downloaded directly from ArcGIS Online. A signed-in user can click on their name in the upper right corner and choose My Settings and then Licenses. The advantage of this method is that the student, faculty or staff do not have to go to an additional application (file share system) to obtain the executable.    The recommended method for sharing the executables for ArcGIS Drone2Map, ArcGIS City Engine, ArcGIS Enterprise, etc., is to use your institution's existing file share system (OneDrive, Box, Google Drive, etc.). This method is also useful for sharing older versions of ArcGIS Pro. Advantages of this approach are: Access to the executables is managed with the same single-sign-on (SSO) as your ArcGIS Online organization, LMS or other business systems. This makes it easy for students, faculty and staff to login with their known enterprise credentials and download software. One location for accessing the executables is used by everyone in the organization - a familiar workflow for obtaining software.   In addition to sharing the executables, other common instructions could be shared, as well as access to older versions of applications could be provided, as needed. Note: Typically, the above approach of sharing executables and license files is appropriate for ArcGIS applications for which licenses available to everyone (i.e. ArcGIS Drone2Map Standard). For more advanced technology, such as ArcGIS Enterprise, additional communication about support, requirements to install, etc. should be in place with the executables, to ensure successful experience in using the application. Commonly asked questions Can I use My Esri to share license files and executables with everyone? We do not recommend using My Esri as a method for sharing executables or license files for your campus at large (i.e., providing access to many students, faculty and staff). It may be appropriate to enable IT managers at the college/business-unit level to use My Esri for provisioning licenses, downloading software, and submitting technical support requests. However, we generally discourage using My Esri with transient student users because of the administrative overhead required to manage permissions to the other areas of My Esri. Invitation to My Esri will need to be initiated by the administrator, which means this could result in multiple transactions. Depending on whether the My Esri account is already in the system, there may be additional interaction to Request Permission (for Downloads in this case). There are notification emails that go out to student, staff, faculty who are being given those permissions, such as “your permissions request has been received”, or “your request has been approved” notifications. These could be confusing for new users. This can be burdensome for administrators (to have to manage the requests), for instructors (to have to instruct their students where to go to download), and for students (to have to navigate My Esri to get to downloads) From Administrator standpoint, this does not scale well for increased number of users. What is the best way to share licenses when working in a disconnected environment, i.e., taking ArcGIS Pro offline? In the future, Single Use files will not be an available option to license ArcGIS Pro in the field and when disconnected. Therefore, the recommendation for licensing ArcGIS Pro when disconnected is to “Take ArcGIS Pro Offline”, under Organization->Licenses. We have made a number of improvements, and will continue to do so, to simplify this process. One of the upcoming improvements will be that the license can be taken for a period of time only (X number of days, lower than the organization's expiration date). This will help with offline license recovery, which has been a pain point as it necessitates a transaction with Esri - the offline license will be checked back in upon expiration of the days set for taking it offline - this will be done automatically even if the user does not return the license.   Feel free to share feedback. ... View more

We often get questions by academic users on how to teach with ArcGIS Enterprise, especially by those who have been teaching with a standalone ArcGIS Server. For anyone new to ArcGIS Enterprise - ArcGIS Server was renamed to ArcGIS Enterprise as of the 10.5 release, to reflects its functional capabilities and a modern Web GIS pattern. ArcGIS Enterprise is how we do Web GIS in an organization’s infrastructure. We wanted to outline a couple of possibilities in terms of teaching and deployment in the classroom. They are simply scenarios, and we welcome any feedback if anyone has utilized any of these, or other, patterns. Choosing an option will depend on your purpose:      If one wants to empower many instructors and students to participate in innovative educational opportunities, enabled by ArcGIS Enterprise advanced services and capabilities, the first listed option would probably be best. In this case, the instructors or students do not necessarily need to know everything about the underlying technology, they just need to take advantage of the capabilities, once it is setup for them.      If one wants to teach administrative aspects of deploying a technology such as ArcGIS Enterprise, then the second and third options may work better. Note that there are a number of System Requirements that we need to keep in mind as we teach with ArcGIS Enterprise, specifically the need for Domain Name Service (DNS), Fully Qualified Domain Name (FQDN) and SSL certificates – items that we didn’t necessarily have to think about with the older standalone ArcGIS Server pattern.      ArcGIS Enterprise deployed for a course/program      All students are Publishers in the portal      Everyone leverages advanced services (geocode, image, geoprocessing, etc.)      Everyone leverages advanced capabilities and server roles (GeoEvent/Real Time GIS, GeoAnalytics, Raster Analytics, Business Analyst)      Everyone uses ArcGIS Pro to share to the portal      Enterprise logins (SSO) can be used to alleviate manual student user creation      ArcGIS Enterprise for a course (base ArcGIS Enterprise deployment managed by instructor, students having standalone ArcGIS Server machines, which they will federate with Portal for ArcGIS)      Instructor has the base ArcGIS Enterprise deployment (Portal for ArcGIS, ArcGIS Server, ArcGIS Data Store, 2 ArcGIS Web Adaptors)      If there are 20 students in a course, each of the 20 students will have their own ArcGIS Server machine – they will be Administrators on the Instructor portal and each student will federate his/her ArcGIS Server site to the Instructor portal (so 20 federated servers). They will do this as an exercise, i.e. practice some of the installation steps, but understand the importance of the portal in a modern Web GIS pattern. They will not get to setup the portal homepage and other settings.      Everyone can leverage advanced services and capabilities.      Everyone uses ArcGIS Pro to share to the portal.      Note, this scenario with many federated servers has not been tested (a couple of universities are planning to implement it in Fall 2018) so please do test and share any results if this is your pattern of choice, especially if you have a lot of students in a course.      Every student gets their own ArcGIS Enterprise deployment (students practice administration of ArcGIS Enterprise, including installation, portal setup (homepage, users, and various administrative duties)). We use this option in a "Web GIS" course at Johns Hopkins University, so I’ll take the liberty to document a few details.      Students were given a scenario that they work for the City of X, and were tasked with deploying and administering a Web GIS in the city's infrastructure, to provide apps and capabilities to the city's constituents. They got to install ArcGIS Enterprise, setup the portal, add users, and wear an administrator hat. They really enjoyed it – it was empowering, after they’ve worked with a SaaS such as ArcGIS Online, to be able to do many things on premise themselves, including Real Time GIS!      We leverage AWS as an infrastructure but this could be done on-premise or with other cloud platforms, such as Azure or Google Cloud (GCP). Every student gets a dedicated EC2 instance. We have AWS federated logins and SSO (which means no manual IAM user creation for students – access gets controlled through Active Directory (AD) groups and roles mapped to them). Therefore, students can just login to the AWS console using their student credentials, and they have privileges to start/stop/restart their own instances and no one else’s.      Esri Cloud Formation, Esri ArcGIS Enterprise AMIs or ArcGIS Enterprise Builder can be used in this scenario.      We favored the use of ArcGIS Enterprise Builder deployed by students on a preconfigured AMI we setup beforehand (starting with the standard AWS Windows Server 2016 instance, turning off Internet Explorer Enhanced Security Configuration, setting up Chrome as a default browser, installing Notepad ++, Installing ArcGIS Pro, copying the install executables on the AMI, and a few other tweaks)      We used AWS Route 53 for DNS, our own domain hosted in AWS (such as gis-jhu.education), and record sets for each student. Let’s Encrypt wildcard cert was used by all students. We could have worked with Central IT to register all student instances with JHU DNS, but they recommended against Elastic IPs, required all internal traffic, which meant the students would have to VPN, which was not ideal for a fully online program, given that our students could be anywhere geographically. Hence, managing everything within AWS appeared to be an easier approach. However, there are many options in terms of networking and fulfilling the system requirements.      At the end of class, we had a DevOps scenario, and students again got to configure a base deployment using Chef Solo (free Chef Client download), and Esri Chef cookbooks, specifically the ArcGIS Enterprise recipe – powerful way to observe Web GIS automation and deploy via a script. Note that to deploy ArcGIS Enterprise for teaching, licensing will be needed for the ArcGIS Server component as well as the Portal for ArcGIS component. For the Portal for ArcGIS licensing, you will likely need to reach out to your Esri Account Manager and specify the number of named users you’d like to have in your portal. For the last described pattern (each student having their own ArcGIS Enterprise deployment), licensing for the Portal for ArcGIS component would need to be obtained for each student through the ArcGIS Developer Subscription, documented here. Students will get a portal with 5 named users. If anyone has used the above scenarios, or others, please do share what worked, if any challenges were encountered. Resources:      Migrating standalone ArcGIS Server to ArcGIS Enterprise white paper      Four Common ArcGIS Enterprise Questions blog, especially the first question on adopting full stack ArcGIS Enterprise deployment.      ArcGIS Enterprise Documentation      Set Up ArcGIS Enterprise Portal Learn ArcGIS Lesson ... View more

In a recent Ed Summit 2018 workshop on “Best Practices for Administering ArcGIS in Education” we shared a number of recommended workflows applicable to academic setting. Some of the key ideas are below:   Web GIS is not just “more and better” GIS, rather a whole new way of doing GIS, which requires new ways of managing GIS. Build bridges with stakeholders within your institution who can facilitate these best practices – collaborate with experts in enterprise systems, identity management, information assurance, etc. Maximize access to ArcGIS and minimize time/cost spent managing ArcGIS - it takes more time to restrict access. Enable enterprise logins, commonly referred to as Single Sign On (SSO), and auto-provision new users for Role (Publisher), Credits, Esri Access, Entitlements, etc. This eliminates manual account creation and management when user status changes (student graduates, faculty retire, staff leave). Enable access for everyone – once SSO is implemented, new users can automatically join and leverage the technology. Consider ArcGIS to be enterprise-level system similar to email, LMS, file servers.  Enable Esri Access for any incoming user as part of auto-provisioning (possible after latest June 2018 ArcGIS Online release) – empowering users to help themselves by getting access to Esri Training, Learn ArcGIS, GeoNet. Enable access to everything – grant entitlements for all common apps (ArcGIS Pro, GeoPlanner, Insights for ArcGIS, Community Analyst, Business Analyst, etc.) for any incoming users (currently done via script). Ensure that any such scripting is enterprise-level – robust, scalable, secure, reliable. Set credit quota – high enough so that users can do their work, low enough to protect them from mistakes. Use a single ArcGIS Online organization, where possible, which avoids impeding collaboration and means reduced combined management workload. Disable offline licensing for ArcGIS Pro via Named User licensing, and instead provide Single-Use licenses for potential offline use cases.  Do nothing as a best practice (for now) – no need to delete accounts, delete content, etc.  Rely on official institution sources to track when person’s status changes – students graduate, faculty retire, staff leave – configure SSO to deny access for ineligible users. Do not delete content as there may be dependencies and others may be relying on this content.   We welcome any feedback on the above recommendations!   Peter Knoop (University of Michigan) Geri Miller (Esri) ... View more

For a while we have recommended that the best approach for managing ArcGIS Online or ArcGIS Enterprise portals, including named users, entitlements, Esri Access, credits, etc., is to enable enterprise logins, commonly referred to as Single Sign On (SSO). So far, the only supported configuration for enterprise logins was using one identity provider (IDP), Shibboleth and Active Directory Federation Services being some of the common ones in academia.    As of the latest June 2018 release of ArcGIS Online (and the pending ArcGIS Enterprise 10.6.1 release in July), we now support enabling enterprise logins via a federation of identity providers. Identity federation allow users belonging to an existing inter-organizational federation, such as InCommon (United States), SWITCHaai (Switzerland), DFNaai (Germany), and others, to sign in with credentials supported by that federation. Each member organization continues to use their own IDP, but configures an SP (i.e. ArcGIS) to work exclusively within the federation. This is a request we’ve received by quite a few institutions and wanted to document some of the functionality and cases where it may be beneficial. NOTE: ArcGIS is not joining the InCommon, Switch or DFN federations as a member. Hence, Esri will not be listed as an SP entity.  Rather, ArcGIS Online or ArcGIS Enterprise portals will need to be added as a new SP to the federation. This will enable users to share and access their web resources within the federation, and have a seamless login experience. The following SWITCHaai documentation provides an easy to understand explanation and graphic.      Cases where it would be beneficial:      Requirement imposed by institution’s IT/Central Services – many institutions who are InCommon participants have been able to implement enterprise logins configured with one identity provider (IDP), however, some institutions have their own requirements that mandate support for identity federation. With identity federation supported in ArcGIS, now these institutions who have such requirement could proceed with enabling enterprise logins.      Multiple campuses using multiple identity providers (IDP) – for example, three campuses of the same institution using three different Shibboleth instances to provide identification – in these instances, institutions will use identity federation to integrate with their three local Shibboleth installations. This will be an example of identity federation, which is not related to InCommon, SWITCHaai, DNFaai, or other inter-organizational federations.      Potential benefits for users who wish to enable collaboration across and between different educational institutions - for example, if this capability did not exist, and a student/faculty/staff from University X wanted to access resources hosted by University Y, they would need an account from university Y to login to the portal. Therefore, to access resources spread across different, un-federated universities, one would need different login accounts, which complicates both user login experience and user management. Having identity federation will simplify this and allows for a single enterprise ID to be used (as long as the institutions belong to the same federation).      Learning Tools Interoperability (LTI) compatibility requirements – LTI being a protocol for various services and service providers to integrate with Learning Management Systems (LMS) – some entities have this requirement to connect LMS with external service tools (i.e. ArcGIS). Since ArcGIS technology provides a teaching and learning environment in education, this new identity federation capability could fulfil such requirements to integrate ArcGIS technology with LMS platforms.        Identity federation setup and user experience:      An institution must be a member of a federation to use this new feature. When administrators and IT staff configure enterprise logins using a federation of identity providers, there are a number of parameters needed, including URL of the federation (Federation Discovery Service URL), Metadata Aggregate URL, and Certificate to validate the aggregate metadata.      When identity federation is configured, the same option applies as when using a single IDP – users will be able to join automatically or by invitation. When multiple institutions are members of the federation, it may be recommended to use the “Upon invitation from an administrator” option. This means that users from a federation must be explicitly invited, i.e. in the ArcGIS Online or  ArcGIS Enterprise portal settings, an administrator would go to Invite Members, and use the option “Invite members to join using their enterprise logins”. Then users would be able to have the same user login experience, using their respective institution’s enterprise credentials. Sharing of content is protected by the existing ArcGIS security model and groups are leveraged to restrict access. Note, SAML-based group membership is not yet supported with identity federation.      Once the ArcGIS Online organization is registered as a member of the federation, the login experience is the same on the initial login page (when the user chooses either to login using an enterprise account or ArcGIS account). If identity federation is configured, the organization is a member of a federation of multiple members, what needs to happen is the federation needs to identify the home organization, i.e. where you are from, and a user will be prompted to a centralized Discovery Service Page, on which they will be asked which university/entity they belong to.        Further Resources:      ArcGIS Online documentation      SWITCHaai documentation      ArcGIS Enterprise documentation        Why Single Sign on for academia blog    Further feedback is welcome! ... View more