Create User Fails

09-15-2021 09:17 PM
RamakrishnaBillakanti
Occasional Contributor

My portal is configured for Azure/SAML authentication. The purpose of creating the user is to enable automation of creating users. I had the code working successfully in 10.6.1, but after upgrading to 10.7.1 it is failing. I'm seeing this when creating a user:

500,"message":"The user's role does not allow the specified user type to be set.","details":null}}:
15-Sep-21 23:06:25:ERROR:The user's role does not allow the specified user type to be set.:

The same code worked in 10.6.1, but I'm wondering what is failing in 10.7.1. Any help is really appreciated, or maybe an example for 10.7.1 for reference would be great. I'm unable to crack the code from https://developers.arcgis.com/rest/enterprise-administration/portal/create-user.htm

0 Kudos
4 Replies
MehdiPira1
Esri Contributor

@RamakrishnaBillakanti,

Is it possible to share your script?

0 Kudos
RamakrishnaBillakanti
Occasional Contributor

import logging

# gis, adminsToADD and adminusersDict are defined elsewhere in the script (not shown in this post).
def addUsersToArcGisPortalGroups():
    logging.debug("\nSyncing groups between AzureAD and Mobile Portal by adding new members to Portal using list from AzureAD\n")
    print("\nSyncing groups between AzureAD and Mobile Portal by adding new members to Portal using list from AzureAD\n")
    # Collect the usernames that already exist in the portal
    allPortalUsers = gis.users.search()
    usernames = []
    logging.debug("ADMIN group:")
    print("ADMIN group:")
    for userid in allPortalUsers:
        usernames.append(userid['username'])
    if len(adminsToADD) != 0:
        for admin in adminsToADD:
            # NAME is stored as "Last, First ..."
            fname = (adminusersDict[admin]['NAME'].split(", ", 1)[1]).split(" ", 1)[0]
            lname = adminusersDict[admin]['NAME'].split(", ", 1)[0]
            email = (adminusersDict[admin]['UID']) + "@Org.com"
            #email = (adminusersDict[admin]['UID']).upper() + "@Org.com"
            idp_username = email
            username = email
            password = None
            description = "IT-GIS Admins, who have the highest privileges"
            # Note: A possible Esri bug is causing createUser function to fail when role names are given as-is.
            # Hence I have used system generated role name by taking a fiddler capture of the form data after manually adding users to portal
            role = 'account_admin'  # "org_admin"
            provider = 'enterprise'
            level = 2

            if (admin + "@Org.com") not in usernames:
                logging.debug("\t{} {} is not a member of Mobile Portal. Adding..".format(fname.capitalize(), lname.capitalize()))
                print("\t{} {} is not a member of Mobile Portal. Adding..".format(fname.capitalize(), lname.capitalize()))
                gis.users.create(username=username,
                                 firstname=fname,
                                 lastname=lname,
                                 password=password,
                                 email=email,
                                 idp_username=idp_username,
                                 description=description,
                                 role=role,
                                 provider=provider,
                                 level=level)
                logging.debug("\t\tAdded")
                print("\t\tAdded")
            else:
                logging.debug("\tUser is already a member of portal")
                print("\tUser is already a member of portal")

            # Make sure the user is a member of each admin group
            admingroups = ('Org - Mobile Admins', 'Org Tenant', 'Org - Mobile Viewers')
            for admgroup in admingroups:
                admini = gis.groups.search(admgroup)[0]
                if username not in admini.get_members().get('users'):
                    logging.debug("\tAdding {} {} - {} to {} built-in group".format(fname.capitalize(), lname.capitalize(), admin, admgroup))
                    print("\tAdding {} {} - {} to {} built-in group".format(fname.capitalize(), lname.capitalize(), admin, admgroup))
                    admini.add_users(username)
                    logging.debug("\t\tAdded")
                    print("\t\tAdded")

                else:
                    logging.debug("\tUser is already a member of {0} built-in group".format(admgroup))

        logging.debug("\tADMIN group is now in Sync\n")
        print("\tADMIN group is now in Sync\n")

    else:
        logging.debug("\tADMIN group is already in Sync\n\n")
        print("\tADMIN group is already in Sync\n\n")

0 Kudos
mdonnelly
Esri Contributor

Try dropping the idp_username parameter. I don't use it and I am able to create enterprise users.

Regards,
Mark
0 Kudos
mdonnelly
Esri Contributor

Hi,

I've had success creating enterprise users with the following at 10.8.1:

target_user = target_portal.users.create(source_user.username, password, first_name,
                                         last_name, source_user.email,
                                         source_user.description,
                                         provider="enterprise",
                                         level=int(source_user.level),
                                         role=user_role)

Regards,
Mark
0 Kudos