Organization-Specific Logins FAQ
2 | Page
This FAQ (Frequently Asked Questions) provides answers to common security questions related
to ArcGIS Organization-specific Logins, including Best Practice recommendations for SAML,
OAuth & Open ID Connect. The intended audience includes ArcGIS Admins, Security Admins, and
anyone implementing or managing the security settings of ArcGIS Online and ArcGIS Enterprise.
FAQ Contents
How can I login to ArcGIS with Organization-specific Logins? .......................................................... 4
Enforce strict HTTPS communication ................................................................................................. 5
Enable Signed Requests & Assertions ............................................................................................... 5
Encrypt Assertions ................................................................................................................................ 6
How do I manage Certificates for SAML Encryption & Signing? ....................................................... 7
Where can I find Signing & Encryption Certificates? ........................................................................... 8
Should I Encrypt Assertions with using Strong Ciphers?................................................................... 10
How does OAuth / Open ID work with ArcGIS? ................................................................................. 11
Can I also login with my Social Logins? ............................................................................................... 11
How do Social Logins work with ArcGIS? ............................................................................................ 12
Can I login from multiple sources? ...................................................................................................... 12
Does ArcGIS Online store my Organization-specific Login password? ........................................... 12
Multi-factor Authentication (MFA) ....................................................................................................... 13
If Organization-specific Logins are enabled for ArcGIS, will users be automatically added? ...... 13
Is setting the “join automatically” or “by invitation” a one-time decision? .................................... 13
What are the risks associated with allowing Organization-specific logins to “automatically join”
and how can I mitigate them? .............................................................................................................. 14
Does the ArcGIS Platform support both SP-Initiated logins and IDP-Initiated logins? ................ 14
Are there any reasons that ArcGIS Logins might be needed if using Organization-specific
Logins? ..................................................................................................................................................... 14
What SAML providers does ArcGIS support? ..................................................................................... 14
If a user already has an existing ArcGIS Online Login does the Enterprise Login replace it? ...... 15
Can user roles be assigned in the identity provider? ......................................................................... 15
Can groups from a SAML based IDP be linked to ArcGIS Groups? ................................................. 15
When is the best time to enable Organization-specific Logins? ...................................................... 15
Does ArcGIS Enterprise support Organization-specific Logins? ....................................................... 16
Does ArcGIS Maps for Office support Organization-specific Logins? ............................................. 16