Account management

Learn how to manage your ArcGIS Location Platform account settings and preferences.

Sign up

To start building applications with ArcGIS Location Platform, you need an account. If you have not done so already, sign up for an ArcGIS Location Platform account. You can sign up for free and access location services through a generous free tier of service.

When you sign up for an account you will need the following:

1. An email address that is not currently assigned to another ArcGIS Location Platform account. You will be asked to verify your email as part of the sign-up process. Be sure to allow email from no-reply@esri.com in order to receive operational emails from Esri in a timely manner.
2. User name requirements:
   • must be unique (cannot be the same name assigned to another ArcGIS user)
   • must be between 6 and 128 characters in length
   • must not include any special characters other than . (dot), _ (underscore), @ (at sign), and - (hyphen)
   • dot, hyphen, underscore or at sign cannot be the first or last character of the username
   • must not include spaces
3. Password requirements:
   • must not match your user name
   • must be at least 8 characters in length
   • must have at least one letter and at least one number
4. Assign a unique portal URL. Your portal is where you will create and manage your content and services. Your portal URL provides easy access to your content. The following rules apply to the portal URL:
   • must be at least 3 characters and no longer than 16 characters
   • must contain only the ASCII letters a through z (case-insensitive), the digits 0 through 9, and the hyphen (-)
   • must not be assigned to another ArcGIS.com portal
   • For example, if your company name is Example Co., you may choose a portal URL example-co, and your full portal URL will be https://example-co.maps.arcgis.com. This URL cannot be changed after your account is created.
5. Assign a security question and your answer.
6. Accept the ArcGIS Location Platform agreement and Esri's privacy policy.

After you complete the sign up form you will receive a confirmation email. Complete the sign up process by following the instructions in the email. You have up to 24 hours to activate your account.

Get started for free with ArcGIS Location Platform

Account preferences

Learn how to use the Preferences page to manage your ArcGIS Location Platform account settings and preferences.

• About you helps us provide you with the most relevant content recommendations on your dashboard pages and email communications. You initially answered these at sign up. You can visit this preferences page at any time to update your preferences.

• Email communication preferences leads to a page on esri.com where you can manage all your email communications from Esri in one place.

• Account settings takes you to a user profile page on your portal where you can update account settings such as login, password and security, or linked accounts information.

• Usability studies if you are interested to help us improve ArcGIS Location Platform and you are a fit with an active user experience study, we will send you an email to invite you to participate. Since these activities are completely voluntary, you can always say no to an invite.

• "Do not show this message again" checkboxes where you can reset all "Do not show this message again" checkboxes in your ArcGIS Location Platform experience.

Change your email address

Follow these steps to change your email address.

1. Log in to your account at location.arcgis.com.
2. In the upper right corner of the top navigation bar, click your user name. This will open a menu.
3. Click Profile settings. This will navigate to your portal app home screen.
4. From your portal app home screen, click the Organization tab in the top-nav.
5. From your organization overview page, click on the Members tab.
6. In the list of your organization members, identify the account to update and click the 3 dots ... that appear on the right column of that row.
7. Click Edit email address.
8. Enter your new email address, and then reenter the same email address, and then click Save.
9. Within a few minutes you will receive an email on the new email address asking you to confirm the new address. This must be done within 60 minutes or the account will revert back to the prior email address.
10. Once confirmed you will receive another email confirming your account changes.

Manage your email subscriptions

If you signed up for email from Esri and you would like to manage your email subscriptions, do the following:

1. Log in to your account at location.arcgis.com.
2. In the upper right corner of the top navigation bar, click your user name. This will open a menu.
3. Click Profile settings. This will navigate to your portal app home screen.
4. Near the bottom of your user profile card, click View my settings.
5. With the General tab selected, scroll the page near the bottom to the section Manage email from Esri, and click Set email preferences.
6. From the Manage your subscriptions page there are several choices, follow the instructions.

Change your profile picture

Follow these steps to change the profile picture that appears on your account. Profile images can be 200x200 PNG formatted images.

1. Log in to your account at location.arcgis.com.
2. In the upper right corner of the top navigation bar, click your user name. This will open a menu.
3. Click Profile settings. This will navigate to your portal app home screen.
4. From your portal app home screen, click on the existing user image.
5. An Update profile photo modal will open. You can drag and drop a new image or click browse... to locate a new image from your device.
6. Use the slider to scale your new image to fit. You can also click Change photo to select a different image.
7. When you are done, click Save.

Change your password

Follow these steps to change your account password. Before you start you will need your current account password and a new password that meets the ArcGIS security standard as noted below.

1. Log in to your account at location.arcgis.com.
2. In top nav, click your account and then click Profile settings.
3. From your profile page, click View my settings.
4. On the My settings page, click Security.
5. In the section Password and Recovery, click Change password.
6. Enter your old password, your new password, and confirm your new password, and then click Change Password.

The new password must:

• Not match username
• The new password cannot be the same as the old password.
• Be at least 8 characters long
• Contain at least 1 letter (A-Z, a-z)
• Contain at least 1 number (0-9)

Inactive account

Esri determines inactive ArcGIS Location Platform subscriptions by reviewing your payment status and service transaction history.

To maintain active status, your ArcGIS Location Platform subscription must meet at least one of the following criteria:

• Enable pay-as-you-go and have a valid credit card on file, or have an active voucher or purchase order on file with a positive balance.
• Have recorded usage on at least one (non-storage) location service in the prior 12 months/12 billing cycles.

An account that does not meet this criteria is considered inactive and is scheduled for suspension and then deletion.

If your account is identified as inactive, your account is suspended and a notification email is sent to the email address registered to your account. At this point you have 30 days to resolve the suspended status by taking one of the actions above and described in the email. While your account is suspended, you can log in to your account and your data is still available for download. After 30 days, if the suspended status is not resolved, your subscription is cancelled. One final email is sent to the email address registered to your account.

Cancelled accounts can be reconciled within 14 days but require you to contact Esri Customer Service or your local distributor. After 14 days the cancelled subscription is converted to an ArcGIS public account and any data associated with the account is deleted. The deleted data cannot be recovered and the account user name cannot be reused. An email is sent to the email address registered to the account as notification of the account deletion.

Account suspension

Your account may get suspended if one of the following conditions are true:

• Attempt to bill your payment method failed.
• You have a non-zero billing balance but do not have a valid payment method on file.
• Abuse was detected on your account and your account was suspended to limit the abuse.

If your account gets suspended, a notification email is sent to the email address registered to your account. At this point you have 30 days to resolve the suspended status by taking one of the actions above and described in the email. After 30 days, if the suspended status is not resolved, your subscription is cancelled. One final email is sent to the email address registered to your account.

In most cases, a suspended account can be reactivated by going to your dashboard billing page and updating your payment method. If this does not resolve your issue, or your account was suspended for another reason, you must contact Esri Customer Service or your local distributor. Have your subscription ID available.

Configuring organization-specific logins

In addition to your ArcGIS Location Platform account login, users can also sign in with SAML or OpenID Connect.

Configuring organization-specific logins enables members of your development team to sign in to ArcGIS Location Platform using the same logins they use to access your organization's internal systems through your identity provider (IdP). When members sign in to ArcGIS Location Platform, they provide their organization-specific username and password directly with your organization's login manager. Upon verification of the member's credentials, the IdP informs ArcGIS Location Platform of the verified identity for the member who is signing in and associates the login with their ArcGIS Location Platform account.

In order to proceed with organization-specific login configuration you must be signed in as an administrator of your organization.

SAML

ArcGIS Location Platform supports SAML 2.0 (Security Assertion Markup Language) for configuring SAML logins. SAML is an open standard for securely exchanging authentication and authorization data between an Identity Provider (IdP, provided by your organization), and a service provider (SP). In this case, ArcGIS Location Platform is the service provider compliant with the SAML 2.0 protocol and integrates with IdPs that support SAML 2.0, such as Active Directory Federation Services (AD FS), Google Workspace, Microsoft Entra, and Okta.

There are two different ways to configure SAML login: single IdP provider or federated IdP providers.

1. In most situations, organizations set up their SAML logins using a single IdP. This IdP authenticates users accessing secured resources that are hosted across multiple service providers. The IdP and all service providers are managed by the same organization.
2. Alternatively, you may configure your organization to use a SAML-based federation of IdPs. In a SAML-based federation between multiple organizations, each member organization continues to use their own IdP but configures one or more of their service providers to work exclusively within the federation. To access a secured resource shared within the federation, a user authenticates their identity with their home organization's IdP. Once successfully authenticated, this validated identity is presented to the service provider hosting the secured resource. The service provider then grants access to the resource after verifying the user's access privileges.

You can configure the ArcGIS Location Platform sign-in page to show only the SAML login, or show the SAML login along with any of the following options: ArcGIS Location Platform login, OpenID Connect login (if configured), and social media logins (if previously configured). This is done from your portal settings page.

Before proceeding, contact your IdP administrator to obtain the necessary parameters for SAML configuration. These parameters will depend on the configuration choices you make in the instructions below. You can also access and contribute to detailed third-party IdP configuration documentation in the ArcGIS/idp GitHub repository.

To ensure that your SAML logins are configured securely, review the best practices for SAML security.

1. Log in with your ArcGIS Location Platform account. Confirm that you are signed in as an administrator or custom role with privileges to configure security settings.
2. Go to your portal, click in the top-navigation bar.
3. Click Organization > Settings > Security
4. Click Logins (or scroll the page to the Logins section.)
5. Click the New SAML login button.
6. Choose an identity provider configuration (one provider, or federation.)
7. Click Next

One identity provider

On the Set SAML login dialog, Specify properties tab:

Name: Enter a name to identify your organization. This is used on the ArcGIS Location Platform login screen to indicate to your users they are logging in with your SAML IdP by selecting Your ArcGIS Location Platform organization's URL.

Choose which method Your users will be able to join:

• Automatically: a new user account is created for each unique SAML ID on first login. If you choose this option, you can still invite members to join the organization or add them directly using their SAML ID.
• Upon invitation from an administrator: the administrator must use the invite new user form and the returning user must match with the account.

Specify the metadata source file that is provided by your IdP by selecting one of the following options:

• URL: The URL to a resource that contains the configuration metadata that is located on a server provided by your IdP.
• File: Browse for a file on your device that contains the configuration metadata.
• Parameters specified here: enter the three required configuration parameters:
  • The URL to redirect a user to log in, this is a URL provided by your IdP.
  • The URL to POST the signed login request, also provided by your IdP.
  • The signed certificate, generated by your IdP. The certificate is encoded in Base64 format. It allows ArcGIS Location Platform to verify the digital signature in the SAML responses sent to it from the IdP.

When finished, click Save.

A federation of identity providers

On the Set SAML login dialog, Specify properties tab:

Name: Enter a name to identify the federation. This is used on the ArcGIS Location Platform login screen to indicate to your users they are logging in with your SAML federation.

Choose which method Your users will be able to join: Choose how members with SAML logins will join your ArcGIS Location Platform organization: automatically or through an invitation. The automatic option allows members to join the organization by signing in with their SAML login. With the invitation option, an email invitation is sent to a new user that includes instructions on how to join the organization. If you choose the automatic option, you can still invite members to join the organization or add them directly using their SAML ID.

Federation Discovery Service URL: Provide the URL to the centralized IdP discovery service hosted by the federation, for example, https://wayf.samplefederation.com/WAYF.

Metadata Aggregate URL: Provide the URL to the federation metadata, which is an aggregation of the metadata of all IdPs and SPs participating in the federation.

Certificate to validate the aggregated metadata: Copy and paste the certificate, encoded in Base64 format, that allows the organization to verify the validity of the federation metadata. This certificate is provided by your IdP administrator.

Advanced settings

When finished, click Save.

Complete SAML configuration

To complete the configuration process, establish trust with the federation's discovery service (if applicable) and the IdP by registering the ArcGIS Location Platform service provider (SP) metadata with them.

There are two ways to obtain this metadata:

1. Click Download service provider metadata to download the metadata file for your organization.
2. Open the URL of the metadata file and save it as an .xml file on your computer. You can view and copy the URL in the Edit SAML login window under Link to download the service provider metadata.

Links to instructions for registering the SP metadata with certified providers are available in the SAML IdPs section above. If you selected A federation of identity providers, once you've downloaded the SP metadata, contact the administrators of the SAML federation for instructions on how to integrate your SP metadata into the federation's aggregated metadata file. You will also need instructions from them to register your IdP with the federation.

Update SAML certificate

Once you have enabled signed and/or encrypted SAML assertions on your organization, you must update the signing certificate when it expires. The certificate used to sign SAML requests and encrypt the assertion response is managed by ArcGIS Location Platform and renewed annually (see Best practices for SAML security).

1. Download the updated metadata file from ArcGIS Location Platform:

   • Login to your portal.
   • Navigate to Organization > Settings > Security.
   • Scroll down to Logins > SAML login
   • Click Download service provider metadata link. This action will download the metadata file (which contains the updated certificate) which you will upload to your SAML IdP.

2. Upload the metadata file into your SAML Identity Provider (IdP). Locate the app entry for your ArcGIS Location Platform organization. Upload the updated metadata file downloaded from your ArcGIS portal to your SAML IdP.

Administrators who have enabled the feature: Allow Encrypted Assertion must also complete the following steps:

3. Extract the certificate from the ArcGIS Location Platform metadata file. Extract and validate the certificate within the metadata.xml file by copying the characters between the <X509Certificate> and </X509Certificate> tags, pasting the data to an empty file and saving it with a .cer extension.

4. Update the Token Encryption certificate within your Enterprise (SAML) IdP.

   • Within your Enterprise (SAML) IdP Application configuration, locate the entry for your ArcGIS Location Platform configuration.
   • Upload (and activate) the extracted certificate to the Encryption feature of the Enterprise (SAML) IdP App entry for ArcGIS Location Platform. Refer to your Enterprise Identity Provider’s documentation for specific instructions on this workflow.

OpenID Connect

ArcGIS Location Platform supports the OpenID Connect authentication protocol and integrates with Identity Providers (IdPs) such as Okta and Google that support OpenID Connect.

You can configure the ArcGIS Location Platform sign-in page to show only the OpenID Connect login or show the OpenID Connect login along with any of the following options: ArcGIS login, SAML login (if configured), and social logins (if previously configured).

Before proceeding, it is recommended that you contact the administrator of the IdP to obtain the parameters needed for configuration. You can also access and contribute to detailed third-party IdP configuration documentation in the ArcGIS/idp GitHub repository.

1. Log in with your ArcGIS Location Platform account. Confirm that you are signed in as an administrator or custom role with privileges to configure security settings.
2. Go to your portal, click in the top-navigation bar.
3. Click Organization > Settings > Security
4. Click Logins (or scroll the page to the Logins section.)
5. Click the New Open ID Connect login button.

On the Set up OpenID Connect login dialog:

Login button label: In the Login button label text box, provide the text that you want to appear on the button that members use to sign in with their OpenID Connect login.

Let new members join:

• Automatically: allows members to join the organization by signing in with their OpenID Connect login. A new user account is created for each unique OpenID Connect on first login. If you choose this option, you can still invite members to join the organization or add them directly.
• Upon invitation from an admin: the administrator must use the invite new user form and the returning user must match with the account. The email invitation includes instructions on how to join the organization.

Registered client ID: Provide the client ID from the IdP.

Authentication method: Choose one of the following options:

• Client secret: Provide the registered client secret from the IdP.
• Public key / Private key: Choose this option to generate a public key or a public key URL for authentication. If your IdP configuration uses a saved public key instead of the public key URL, generating a new key pair will require you to update the public key in your IdP configuration to prevent sign-in disruptions.

Provider scopes/permissions: Provide the scopes to send along with the request to the authorization endpoint. ArcGIS Location Platform supports scopes corresponding to the OpenID Connect identifier, email, and user profile attributes. You can use the standard value of openid profile email for scopes if it is supported by your OpenID Connect provider. Refer to your OpenID Connect provider's documentation for the supported scopes.

Provider issuer ID: Provide the identifier for the OpenID Connect provider from the IdP.

For the following configuration parameters, refer to the well-known configuration document for the IdP. For example, in https:/[IdPdomain]/.well-known/openid-configuration. This information should be supplied by the IdP.

OAuth 2.0 authorization endpoint URL: Provide the URL of the IdP's OAuth 2.0 authorization endpoint.

Token endpoint URL: Provide the URL of the IdP's token endpoint for obtaining access and ID tokens.

JSON web key set (JWKS) URL: Optionally, for JSON web key set (JWKS) URL, provide the URL of the IdP's JSON Web Key Set document. This document contains signing keys that are used to validate the signatures from the provider. This URL is only used if User profile endpoint URL (recommended) is not configured.

User profile endpoint URL (recommended): Provide the endpoint for getting identity information about the user. If you do not specify this URL, the JSON web key set (JWKS) URL option is used instead.

Logout endpoint URL (optional): Optionally, provide the URL of the authorization server's logout endpoint. This is used to sign out the member from the IdP when the member signs out from ArcGIS.

Send access token in header: Turn on the toggle button if you want the token sent in a header instead of a query string.

Use PKCE enhanced Authorization Code Flow: When this option is turned on, the Proof Key for Code Exchange (PKCE) protocol is used to make the OpenID Connect authorization code flow more secure. Every authorization request creates a unique code verifier, and its transformed value, the code challenge, is sent to the authorization server to obtain the authorization code. The code challenge method used for this transformation is S256, which means that the code challenge is a Base64 URL-encoded, SHA-256 hash of the code verifier.

Enable OpenID Connect login based group membership: Currently has no effect for ArcGIS Location Platform.

ArcGIS username claim (optional): Provide the name of the claim from the ID token that will be used to set up the ArcGIS username.

The value you provide must adhere to the ArcGIS username requirements. An ArcGIS username must contain 6 to 128 alphanumeric characters and can include the following special characters: . (dot), _ (underscore), and @ (at sign). Other special characters, non-alphanumeric characters, and spaces are not allowed.

If you specify a value with fewer than six characters, or if the value matches an existing username, numbers are added to the value. If you leave this field blank, the username is created from the prefix of the email if available; otherwise, the ID claim is used to create the username.

When you're finished, click Save.

Complete OpenID Connect login configuration

If you are using an OpenID Connect login, keep the default subject identifier (sub) attribute sent in the ID token from the OpenID Connect provider as the user identifier. If you need to use a custom claim for the user identifier, provide the name of the claim from the ID token that will be used to set up the user identifier.

Click the Configure login link next to OpenID Connect login.

To complete the configuration process, copy the generated Login Redirect URI and Logout Redirect URI values (if applicable), and add them to the list of allowed callback URLs for the OpenID Connect IdP. If applicable, copy the public key or public key URL for the OpenID Connect IdP.

Social media

Social media login is only supported for accounts that were created as an ArcGIS Developer subscription before June 2024 and were migrated to ArcGIS Location Platform. At this time new signup with a social media account is not supported.

Supported identity providers are Apple, Facebook, Google, GitHub.