Community

Add additional managers to Active Directory based groups in Portal

904
2
03-12-2019 08:59 AM
Status: Already Offered
BrendanColes
by
New Contributor III

In Portal we want to create groups that are based off of active directory groups. We do not want everyone to be able to contribute to the group, but we want more than just the group owner to be able to contribute. Since the group is based off of an active directory group, the members tab isn't visible and therefore there is no way thought the UI to do this.

I've found a work around by switching the group to invite only, changing a member's permission to manager, then reverting the group back to AD membership. However this is convoluted and not user friendly, especially as we delegate group management to other users who may not be as technical. 

When looking at portal's sharing rest api, even when a group is based off of active directory, Portal does show the list of members. This means the system is generating and tracking a list of members, but not making the UI for that list available. 

Please add the ability to designate additional managers for these AD group based groups.

2 Comments
AnthonyRyanEQL
by
‎04-26-2020 04:37 PM

Total agree with this and believe Esri Inc need to release the next parts AD/SAML functionality ASAP. I'm happy they have a road map for implementation but not a road map of implementing a small feature, taking a 2-3year hiatus, next small enhancement, etc, etc. They've made the commitment and lets see it fully implemented of 2-3 releases unless there is a technology limitation

Sarah_Hanson
by Esri Contributor
‎06-28-2023 02:36 PM
Status changed to: Already Offered

This is possible today! I will share the details below:

In ArcGIS Enterprise, you can create a group with membership set by an Active Directory group, with the content contribution option set to Group owner and managers, like this:

Sarah_Hanson_0-1687987575168.png

Then, update the role of any members who you would like to be able to contribute content to Group Manager by selecting their name in the member's list for the group and choosing Update member's group role:

Sarah_Hanson_1-1687987623679.png

Once their role has been updated to Group Manager:

Sarah_Hanson_2-1687987737445.png

They will be able to contribute content to the group. There is one important caveat though that I found while testing, which is that the Group Manager will needs to contribute content to the group using the 'Add items to group' button on the content tab within the group:

Sarah_Hanson_3-1687987884364.png

If they try to add it another way, such as browsing for content within the organization's main content tab, they will find that the group is not listed to share to. This is a known limitation. 

I hope this information helps. If you have further ideas, please feel free to share them with us!