Could the user's role be assigned via a configured attribute within the SAML assertion. This seems to be the missing piece when setting up enterprise logins via IDPs
Occasionally also bumping to this and instead of "hacking" or "lacking" this, it would be useful IF this could optionally be activated from the Portal's SAML (and in the future from oAuth) settings.
E.g. like IF Portal SAML settings define to use the SAML (e.g. AD) roles for SAML users (enterprise) AND user has predefined "ArcGIS role" e.g. "publisher" set in the IdP / SAML response, Portal would assign this ArcGIS role to the user automatically.
Yes, there is "challenge" with downgrading as in worst case there should be some actions needed for the users contents too - but this could be easily handled or restricted to allow downgrading only for "similar" roles (e.g. publisher vs. editor). In many cases it's also acceptable to place the content to a predefined folder with subfolder of the user nameid.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
