tbaker-esristaff

Using Single Sign-On in Schools for User Management in ArcGIS Online

Discussion created by tbaker-esristaff Employee on Sep 3, 2018

A common barrier to organization-wide adoption of ArcGIS Online in education has been efficient, large-scale user management within an organizational subscription. Single sign-on (SSO) reduces the liabilities of teachers managing student accounts and allows them to focus on teaching with GIS. Moreover, it gives everyone in the school or district access to the software (article)!

 

When planning for ArcGIS Online via SSO, school districts should gather the following people: district SIS administrator, district IdP administrator, edtech coordinator, and interested curriculum coordinators.

 

Google G Suite Single Sign-On 

 One solution to working through this barrier is the use of enterprise logins (SSO) systems already available in education, like Google’s G Suite.

 

Microsoft Active Directory and others

Review the six other SAML-based IdPs that Esri supports, including ADFS 2.0+.  

 

Clever.com

Currently, Esri don't support Clever.com connections "out of the box".  We are exploring options that would allow districts to use the "Saved Passwords" mechanism in Clever to create an SSO experience in ArcGIS Online.

 

RapidIdentity

RapidIdentity supports SAML. Follow this guide to learn more about configuring your SSO connection to ArcGIS Online. 

 

The SSO landscape in schools today

At the time of this document's last update, we know of U.S. schools using the following SSO IdPs with ArcGIS Online: Google G Suite, Microsoft Active Directory, and RapidIdentity.

 

Beyond SSO

Scripting and tools like the Geo Jobe Admin Tools can be powerful additions to toolkits of administrators managing large AGO organizations.  See:

Outcomes