AnsweredAssumed Answered

Single Sign On experience with SAML on ArcGIS Enterprise ?

Question asked by NicolasGIS on Feb 15, 2020
Latest reply on Jun 30, 2020 by NicolasGIS



I am trying to figure out if it is possible to provide a single sign on experience in applications built with data from ArcGIS Enterprise that requires the user to authenticate on the plateforme.


Our portal is configured to use Enterprise Login via SAML with only one identity provider so users do not have any choice on the "sharing/rest/oauth2/authorize" page but to sign in to our IDP. I think it would make sense to forward them straight to the IDP but I believe it is not possible.


Many of our web applications are already secured with SAML and the map in the application built with secured data from ArcGIS Enterprise is just a small part of it. So once the user authenticate on the web application, the map does not show up because they have to authenticate once again to ArcGIS Enterprise. Users are a bit confused (I thought I was already signed in ?!) as there are used to the SSO experience.


I found out how to get rid of the authorization form "Request for Permission" by adding the web application to the "App Launcher" settings (too bad there is not a dedicated setting for that because ideally I would not want the app to be in the app launcher of ArcGIS Enterprise but just to be configured as "will not prompt members with the 'Request for Permissions' dialog" but that is just a small detail), but I cannot find a way to force the authentification to the IDP.


Any idea ? Did I miss anything ? 


Thanks for your feedback !