Provide a way to identify Portal accounts that are no longer part of the SAML provider's users

01-18-2023 09:17 AM
Status: Open
TonyContreras_Frisco_TX
Frequent Contributor

As requested by our Security Officer, I am looking for a way to disable/delete accounts in our ArcGIS Enterprise that come from our Azure AD IDP if the user is no longer in our Active Directory. I understand that the user should not be able to log in if they don't exist at the IDP level; however, I would like to free up licenses if needed and give added peace of mind to our Security Team. So far I have not found an intuitive and built-in way to accomplish this. Plus, I want to keep valid users even if they haven't logged in for a long time or have never logged in at all. There is an existing Idea for Active Directory users, but I am using a SAML provider rather than going directly to Active Directory.

I think this should be available in both the Portal interface and the ArcGIS Python API.