Many of you are already using enterprise logins with ArcGIS Online and ArcGIS Enterprise, which let members sign in to multiple accounts with one set of credentials through Security Assertion Markup Language (SAML) authentication. We’ve seen significant growth in organizations enabling this capability, as it allows administrators to give their members a convenient way to use the same enterprise username and password across multiple ArcGIS organizations.
Default administrators and those with the correct privileges can configure security settings for enterprise logins, sign-in options, multifactor authentication, access notices, trusted servers, portal access, and more.
Advantages of using enterprise logins
The advantages of using SAML-based enterprise logins include:
- Securely authenticate and access multiple organizations using a single sign-on (SSO)
- Members do not need to create and manage additional logins
- Reduce administrative work for managing members across multiple organizations
SSO can have a positive impact on productivity. It expedites access to an organization’s resources. Users log in once and the amount of time saved might seem small, but time normally spent finding and logging into individual accounts adds up. SSO also minimizes the time users spend dealing with password-related frustrations, since they only need to remember and enter a single set of credentials. This is a huge benefit when you consider that most users have to remember an average of 40 passwords.
When members sign in to ArcGIS Online, they enter their enterprise username and password directly into the organization’s enterprise login manager, also known as your enterprise identity provider (IDP). After verifying the member’s credentials, the enterprise IDP informs ArcGIS Online of the verified identity for the member who is signing in.
SAML is an XML-based framework used to authorize, authenticate and communicate attributes and privileges of an organization member. ArcGIS Online supports SAML 2.0 for configuring enterprise logins. SAML is an open standard for securely exchanging authentication and authorization data between an IDP (your organization) and a service provider (SP)—in this case, ArcGIS Online. ArcGIS Online is compliant with SAML 2.0 and integrates with IDPs that support SAML 2.0 web single sign-on.
Improved Enterprise Login configuration and management
The recent ArcGIS Online update in December optimized the configuration process for enterprise logins by improving the IDP setup, which includes a URL link to download the Service Provider (SP) metadata XML file. Including this URL is important for several reasons:
- The ArcGIS Online SAML Certificate expires every 2 years
- The SP metadata URL link will allow the IDP administrator to easily check and obtain the SP’s renewed SAML certificate (some IDPs may have the ability to do this automatically)
- Administrative management and potential organization downtime due to certificate expiration are reduced
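One way an IDP administrator could check the SP metadata for a renewed certificate, shown as an added example that is not Esri's code: it parses SAML 2.0 SP metadata, fingerprints each X509Certificate, and reports any fingerprint the IDP has not pinned yet. The function names, the sp.example entity ID and the sample certificate bytes are constructed for illustration; in practice the XML would be downloaded from the SP metadata URL.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def sp_cert_fingerprints(metadata_xml):
    """Map each KeyDescriptor 'use' to SHA-256 fingerprints of its DER certs."""
    root = ET.fromstring(metadata_xml)
    found = {}
    for kd in root.findall(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        use = kd.get("use", "both")  # no 'use' attribute: signing and encryption
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            found.setdefault(use, []).append(hashlib.sha256(der).hexdigest())
    return found

def unpinned(metadata_xml, pinned):
    """Fingerprints in the SP metadata that the IDP does not trust yet."""
    current = {fp for fps in sp_cert_fingerprints(metadata_xml).values() for fp in fps}
    return sorted(current - set(pinned))

def sample_metadata(cert_bytes):
    """Constructed SP metadata; cert_bytes stands in for a real DER certificate."""
    b64 = base64.b64encode(cert_bytes).decode()
    return (
        '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
        ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="sp.example">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '</md:SPSSODescriptor></md:EntityDescriptor>'
    )

if __name__ == "__main__":
    old, new = b"constructed-old-cert", b"constructed-renewed-cert"
    pinned = [hashlib.sha256(old).hexdigest()]  # what the IDP trusts today
    for label, cert in (("before renewal", old), ("after renewal", new)):
        diff = unpinned(sample_metadata(cert), pinned)
        print(label, "->", "update IDP trust: " + diff[0] if diff else "no change")
```

Run on a schedule against the downloaded metadata, a non-empty result is the signal to update the certificate trusted by the IDP before the old one expires.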
Implementing enterprise logins will allow your members to conveniently use one set of credentials across multiple organizations. The latest enhancements to enterprise login configuration in our December update of ArcGIS Online make enterprise logins easier to manage and administer.
For detailed enterprise login setup and configuration information, please view the following links: