We are running arcgis enterprise 10.8.1 using SAML 2.0 with enterprise groups enabled.
I have found that admins cannot share content to groups they are not a member of, does anyone know if this is by design or are we possibly having an issue? I would think someone with admin privileges should be able to assign content regardless of whether they are a member of the group or not.
right now our groups are all using saml enterprise group membership so we cannot manually add admins to all the groups since all the groups are based on our active directory setup for different departments. The current workaround is that we can share to the group if we own the group but we have to be in the the group to own it so we end up having to turn off the enterprise group membership for that group then make one of us the owner then go back and turn on the enterprise group option.
The only workaround I can think of right now is just assigning all groups and content to a single local portal admin account and then we all login as that account when we need to mess with sharing or permissions.
does anyone run into this issue? and if so are there any work arounds or better workflows so all my admins can have an easier time sharing each others content without changing ownership on everything?
Solved! Go to Solution.
thanks for the comment, I was worried that would be the answer. For now I have had our team create clones of all the groups we needed in active directory and included us in those groups, this is a huge pain and ideally shouldn't be needed but it works.
If someone from esri is reading this please add the ability for admins using saml to be able to share to groups they arent members of in active directory, or please allow multiple saml assertions to be assigned to a single portal group so I can combine our admin group with all the other groups.
this is too advanced of a product to not have these simple features that other companies utilize with their enterprise type products.
Check this option in each of your ArcGIS Enterprise Group settings (see screen shot). We experienced the same issue as described above. We think when a group is set up, only group owners and managers can contribute by default.