HOW TO
This workflow is for the scenario where all admins in an ArcGIS Online organization use SAML to log in. If the SAML is broken and there are no built-in admins who can sign in to fix the problem, the administrators can perform the following steps.
Examples of 'broken' SAMLs
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="<ORG_URL>.maps.arcgis.com"> <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIHFTCCBf2gAwIBAgIQBlKVkNvRIdJ8YhXCJ/QShzANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypEaWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMwODI1MDAwMDAwWhcNMjQwOTI0MjM1OTU5WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFJlZGxhbmRzMTcwNQYDVQQKEy5FbnZpcm9ubWVudGFsIFN5c3RlbXMgUmVzZWFyY2ggSW5zdGl0dXRlLCBJbmMuMRwwGgYDVQQDExNzYW1sLWlkcC5hcmNnaXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RU8ykyqyBJslnAcmwqs2ugwDpRwZPq7UBawunIcC/pp33zMZWi0SVDaHxXLw2hIaVRDrhFG0n/0/17M050nWyfGqVY66FBE5OTuLbbfwURsYr1FiBjYQB7XAIUcZe4Opsat3NN9csWuCazlRmjfnasuSrKQk+eZbhWZopkY1L6vl+1fXtckAxcg2px8MQgijb3jzhDxcERWnO4WEZ4Gdsze6KtGdGV35qB2EOWUwXyDMKXTiD8lIRxBNJZRWedmCuvQX7O+mNwxSC2JABWY7SgEhQybRRP+CcMLoHRN9cVFfT6Z/9JQ62OUFnLrsh4vHTv2WbBVW07dmkgPj4JBRQIDAQABo4IDozCCA58wHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFMYpgTRfJnTF/1899l5f4+78wAg+MDcGA1UdEQQwMC6CE3NhbWwtaWRwLmFyY2dpcy5jb22CF3d3dy5zYW1sLWlkcC5hcmNnaXMuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABii7EYyUAAAQDAEYwRAIgB6CsfMj3Hn3SukEBkZpS9yqCAcWQ1LnvUpV5xMuL1qACIByXYXpB6AkFx6u5I6dgypauP0uct5T8v8XFf7VJ8euPAHUASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGKLsRe3QAABAMARjBEAiAxPtBa/GXjP8d4a/0TZ1WBbWueiQXkjfgjdYPYzM3pZwIgGOw+N/AufPZxBHgL+vKhgkS3U+b7WK3g0FPjZkyWix4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYouxF6nAAAEAwBHMEUCIQDoaFzwqHwJ7OpMMa4h9eeItJR64M587uaQ3/Tml2UCAAIgI12J+1DrkhJFtdDgQdp+K9hy0iF3hzhX5DMaBYCDyq0wDQYJKoZIhvcNAQELBQADggEBAECiAGDVu/zXCyVN+xvIsQw+YRazHO6BX2K+lyrfdv+inQtKvOswfV/sJybkzIFWqli2JkPND/WrTxPsXS7V/hRDrNuHrLl40wpVMpFL9T/a/MRNC06sJB+1NrUdwlo9skL8II5YN/vyKiuMXAAcm6IJQcfg22iGEJb4fyQLQ86rXO+2Bl/2PRzvskVAzVv0ffcGJtN2FrwBkTZZglINTUXSKXrViUqY+tW9B8fjcnwCgyR1MA/42tL5z6bo2JPJtBgOOahMgxcQPbCDPL8MNS9/rARtkpQ1KonA0pIYN1QgPSk9jfroXodMEqfPkashuwkVfhpbJKA3ueet5ViM6K8=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIHFTCCBf2gAwIBAgIQBlKVkNvRIdJ8YhXCJ/QShzANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypEaWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjMwODI1MDAwMDAwWhcNMjQwOTI0MjM1OTU5WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFJlZGxhbmRzMTcwNQYDVQQKEy5FbnZpcm9ubWVudGFsIFN5c3RlbXMgUmVzZWFyY2ggSW5zdGl0dXRlLCBJbmMuMRwwGgYDVQQDExNzYW1sLWlkcC5hcmNnaXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RU8ykyqyBJslnAcmwqs2ugwDpRwZPq7UBawunIcC/pp33zMZWi0SVDaHxXLw2hIaVRDrhFG0n/0/17M050nWyfGqVY66FBE5OTuLbbfwURsYr1FiBjYQB7XAIUcZe4Opsat3NN9csWuCazlRmjfnasuSrKQk+eZbhWZopkY1L6vl+1fXtckAxcg2px8MQgijb3jzhDxcERWnO4WEZ4Gdsze6KtGdGV35qB2EOWUwXyDMKXTiD8lIRxBNJZRWedmCuvQX7O+mNwxSC2JABWY7SgEhQybRRP+CcMLoHRN9cVFfT6Z/9JQ62OUFnLrsh4vHTv2WbBVW07dmkgPj4JBRQIDAQABo4IDozCCA58wHwYDVR0jBBgwFoAUdIWAwGbH3zfez70pN6oDHb7tzRcwHQYDVR0OBBYEFMYpgTRfJnTF/1899l5f4+78wAg+MDcGA1UdEQQwMC6CE3NhbWwtaWRwLmFyY2dpcy5jb22CF3d3dy5zYW1sLWlkcC5hcmNnaXMuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgZ8GA1UdHwSBlzCBlDBIoEagRIZCaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3JsMEigRqBEhkJodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABii7EYyUAAAQDAEYwRAIgB6CsfMj3Hn3SukEBkZpS9yqCAcWQ1LnvUpV5xMuL1qACIByXYXpB6AkFx6u5I6dgypauP0uct5T8v8XFf7VJ8euPAHUASLDja9qmRzQP5WoC+p0w6xxSActW3SyB2bu/qznYhHMAAAGKLsRe3QAABAMARjBEAiAxPtBa/GXjP8d4a/0TZ1WBbWueiQXkjfgjdYPYzM3pZwIgGOw+N/AufPZxBHgL+vKhgkS3U+b7WK3g0FPjZkyWix4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYouxF6nAAAEAwBHMEUCIQDoaFzwqHwJ7OpMMa4h9eeItJR64M587uaQ3/Tml2UCAAIgI12J+1DrkhJFtdDgQdp+K9hy0iF3hzhX5DMaBYCDyq0wDQYJKoZIhvcNAQELBQADggEBAECiAGDVu/zXCyVN+xvIsQw+YRazHO6BX2K+lyrfdv+inQtKvOswfV/sJybkzIFWqli2JkPND/WrTxPsXS7V/hRDrNuHrLl40wpVMpFL9T/a/MRNC06sJB+1NrUdwlo9skL8II5YN/vyKiuMXAAcm6IJQcfg22iGEJb4fyQLQ86rXO+2Bl/2PRzvskVAzVv0ffcGJtN2FrwBkTZZglINTUXSKXrViUqY+tW9B8fjcnwCgyR1MA/42tL5z6bo2JPJtBgOOahMgxcQPbCDPL8MNS9/rARtkpQ1KonA0pIYN1QgPSk9jfroXodMEqfPkashuwkVfhpbJKA3ueet5ViM6K8=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signout"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signin" index="1"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://<ORG_URL>.maps.arcgis.com/sharing/rest/oauth2/saml/signin" index="2"/> </md:SPSSODescriptor> <md:Organization xml:lang="en"> <md:OrganizationName xml:lang="en">ORG_NAME</md:OrganizationName> <md:OrganizationDisplayName xml:lang="en">ORG_NAME</md:OrganizationDisplayName> <md:OrganizationURL xml:lang="en">https://<ORG_URL>.maps.arcgis.com</md:OrganizationURL> </md:Organization> </md:EntityDescriptor>
Get help from ArcGIS experts
Download the Esri Support App