Unable to generate tokens using ArcGIS Enterprise SAML-authenticated accounts

Description

Configuring a Security Assertion Markup Language (SAML) identity provider with ArcGIS Enterprise allows users to log into the organization using the credentials set up in an identity store without creating additional logins. However, when using a SAML login in ArcGIS Enterprise, users are unable to generate access tokens to provide temporary authorization for system access.

Cause

This issue is by design. It is not possible to allow token-based security with SAML-authenticated accounts without undermining the security provided by the SAML identity provider.

Solution or Workaround

In ArcGIS Enterprise, configure and use OAuth 2.0 to generate temporary access tokens with a SAML-authenticated account. Refer to Mapping APIs and location services: OAuth 2.0 for more information.