Please Support Single-Sign-On with Organizations that are setup with Enterprise Logins (SAML)

[pfoppe]

Our organization is setup with enterprise logins using SAML to our corporate Active Directory. The SAML Service is configured to support "Windows Authentication" using the Microsoft Negotiate security support provider (supports Kerberos and/or NTLM) for internal users. This provides a single-sign-on experience where once authenticated to the machine, the users do not need to pass their credentials again to applications or authentication services setup with Windows Authentication.

Here is our current experience with TilePackageKreator... When logging into the ArcGIS Online (AGOL) organization, and choosing the enterprise logins identity provider, a prompt for a username/password is presented. Our users have to explicitly pass their credentials to authenticate.

Can you update TilePackageKreator to support the SAML services running Windows Authentication (Negotiate)? The desired result is to have a user login to the SW using an AGOL + Enterprise Logins without providing their credentials (if their user account and machine are trusted on the internal network).

Thanks for the consideration.

[slibby]

I would add to this by saying that TPK should support web tier authentication for Portal as well. I believe that support for IWA/PKI-auth would also then roll into supporting @pfoppe's workflow.

[marikavertzonis]

Its been a little time since this request, but with version 1.5 of Tile Package Kreator we did some work to better support Enterprise. I have been able to successfully test sign to a portal with IWA. @pfoppe could you try 1.5 and comment here if it works in your described scenario?

I have also created an explanation of how to add Tile Package Kreator to Enterprise as a registered app. This would be required for all versions of Enterprise (as a Labs app its not pre-added at any version of Enterprise)