In response to California Assembly Bill 1637, requiring us to change our domains to either .gov or .ca.gov, our IT department is changing all users' email addresses and UPNs, resulting in our ArcGIS Online and ArcGIS Enterprise environments seeing these users as new users, as our authentication is using SAML and the SAML ID is changing.
I would like to be able to script this process rather than having to handle it one by one, but while I have been able to create a SAML user with the same permissions as the old username, I have not been able to script the checking to see if the user has a license and, if they do, revoke the license and assign it to the new user.
Has anyone done anything like this? If so, can you help point me in the right direction, as I am not seeing anything in the documentation?
Just for reference, here is the function that I am currently working with:
    # Assumes `gis` (an authenticated admin GIS connection) and `users`
    # (the list of existing User objects) are defined earlier in the script.
    def transferusers(uname):
        for user in users:
            if user.username == uname:
                # Build the new SAML username by swapping the old suffix for .gov
                new_username = user.idpUsername[:-5]+'.gov'
                target_user = gis.users.create(username=new_username,
                                               password='None',
                                               firstname = user.firstName,
                                               lastname = user.lastName,
                                               email = new_username,
                                               description = user.description,
                                               provider="enterprise",
                                               level=int(user.level),
                                               role=user.roleId)
                # Move group ownership or membership (SAML-linked groups are skipped)
                usergroups = user['groups']
                for group in usergroups:
                    if group['provider'] != 'enterprise':
                        grp = gis.groups.get(group['id'])
                        if (grp.owner == user.username):
                            grp.reassign_to(target_user)
                        else:
                            grp.add_users(target_user)
                            grp.remove_users(user)
                # Reassign content in the root folder, then each named folder
                usercontent = user.items()
                folders = user.folders
                for item in usercontent:
                    try:
                        item.reassign_to(target_user)
                    except Exception as e:
                        print('An exception occurred while trying to reassign content. {}'.format(e))
                for folder in folders:
                    gis.content.create_folder(folder['title'], target_user)
                    folderitems = user.items(folder=folder['title'])
                    for item in folderitems:
                        try:
                            item.reassign_to(target_user, target_folder=folder['title'])
                        except Exception as e:
                            print('An exception occurred while trying to reassign content. {}'.format(e))
                # Remove the old account once everything has been moved
                try:
                    user.delete()
                    print('Deleted {}'.format(user.username))
                except Exception as e:
                    print('An exception occurred while trying to delete the user. {}'.format(e))
Hi @GregMattisGov,
Take a look at the scripts in the below link. I've used this solution for several customers to migrate built-in accounts to enterprise (active directory or SAML) accounts. It should work the same going from SAML to SAML, and it will migrate the add-on licenses (i.e. Pro) as well.
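The license step asked about in the question, as an added example; it is not part of either post and is not taken from the linked scripts. It assumes the ArcGIS API for Python license manager calls `gis.admin.license.all()`, `user_entitlement()`, `revoke()` and `assign()`, and it would run before the old account is deleted; `transfer_licenses`, `FakeLicense`, `FakeGIS` and the sample usernames are constructed for illustration.

```python
def transfer_licenses(gis, old_username, new_username, dry_run=True):
    """Move add-on license entitlements between two accounts.

    Returns an audit list of (license, entitlements, status) tuples.
    """
    audit = []
    for lic in gis.admin.license.all():
        # Assumption: user_entitlement() returns a dict with an
        # 'entitlements' list, or an empty dict for an unlicensed user.
        held = list((lic.user_entitlement(old_username) or {}).get("entitlements", []))
        if not held:
            continue
        if dry_run:
            audit.append((str(lic), held, "planned"))
        elif not lic.revoke(username=old_username, entitlements=held):
            audit.append((str(lic), held, "revoke-failed"))
        elif lic.assign(username=new_username, entitlements=held):
            audit.append((str(lic), held, "transferred"))
        else:
            # Put the seat back so a failed assign does not strand it.
            lic.assign(username=old_username, entitlements=held)
            audit.append((str(lic), held, "assign-failed-restored"))
    return audit


# --- Constructed stand-ins so the example runs without a portal ---
class FakeLicense:
    def __init__(self, name, seats, fail_assign_for=()):
        self.name, self.seats, self.fail = name, dict(seats), set(fail_assign_for)
    def __str__(self):
        return self.name
    def user_entitlement(self, username):
        ents = self.seats.get(username)
        return {"username": username, "entitlements": ents} if ents else {}
    def revoke(self, username, entitlements):
        return self.seats.pop(username, None) is not None
    def assign(self, username, entitlements):
        if username in self.fail:
            return False
        self.seats[username] = list(entitlements)
        return True

class FakeGIS:
    def __init__(self, licenses):
        manager = type("Mgr", (), {"all": lambda self: licenses})()
        self.admin = type("Admin", (), {"license": manager})()
```

Run it once with `dry_run=True` and review the returned audit list before letting it change any assignments.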