Hi,
We have successfully set up OpenID Connect login to the ArcGIS Portal.
When the user accesses the portal through our identity provider (Identity Server 4), a user is automatically created and he gets the default groups that are set up in "New member defaults".
What we are wondering is if there is a way for us to automatically assign the user to groups according to some claims in the access token or some parameters in the user info object?
We are aware of the API that can be used to assign users to groups programmatically and we are using that to make sure that the user groups are consistent with our authorization system, but we want to make sure they are correctly assigned on the first login (in order to avoid the situation where the user does not have groups until the synchronization is run).
I only know of this method for linking OpenID Connect-based groups to ArcGIS Enterprise groups:
"Turn on the Enable OpenID Connect login based group membership button to allow members to link specified OpenID Connect-based groups to ArcGIS Enterprise groups during the group creation process.
When you enable this option, organization members with the privilege to link to OpenID Connect groups have the option of creating an ArcGIS Enterprise group whose membership is controlled by an externally managed OpenID Connect identity provider. Once a group is successfully linked to an external OpenID Connect-based group, each user's membership in the group is defined in the OpenID Connect groups claim response received from the identity provider every time the user signs in."
Configure OpenID Connect logins—Portal for ArcGIS | Documentation for ArcGIS Enterprise
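Since linked-group membership depends on the groups claim the identity provider returns at sign-in, the following added example (not from this thread or from Esri) checks whether a user's ID token or userinfo response carries that claim and which linked groups it would cover. The claim name `groups`, exact-name matching, the `linked` mapping and all sample values are assumptions constructed for illustration.

```python
import base64
import json

def jwt_payload(token):
    """Decode a JWT payload for inspection. No signature check: diagnostic use only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def groups_in(claims, claim_name="groups"):
    """Return the groups claim as a list, or None when the claim is absent."""
    value = claims.get(claim_name)
    if value is None:
        return None
    if isinstance(value, str):  # a single value may be serialized as a bare string
        return [value]
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return value
    raise ValueError(f"unexpected {claim_name!r} claim shape: {value!r}")

def membership_report(id_token, userinfo, linked, claim_name="groups"):
    """linked: {portal group title: IdP group name}, a hypothetical admin-kept mapping."""
    sources = {"id_token": jwt_payload(id_token), "userinfo": userinfo}
    found = {name: groups_in(c, claim_name) for name, c in sources.items()}
    asserted = set().union(*(g for g in found.values() if g))
    return {
        "claim_present_in": [n for n, g in found.items() if g is not None],
        # Assumption: a linked group matches when its IdP group name appears verbatim.
        "would_join": sorted(t for t, g in linked.items() if g in asserted),
        "would_miss": sorted(t for t, g in linked.items() if g not in asserted),
    }

def _seg(obj):
    """Encode one JWT segment (used only to build the constructed sample token)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: an unsigned token and a userinfo response for one user.
SAMPLE_ID_TOKEN = ".".join(
    [_seg({"alg": "none"}), _seg({"sub": "u-1001", "groups": "gis-editors"}), ""])
SAMPLE_USERINFO = {"sub": "u-1001"}  # no groups claim in this response
SAMPLE_LINKED = {"Editors": "gis-editors", "Viewers": "gis-viewers"}

if __name__ == "__main__":
    print(json.dumps(membership_report(SAMPLE_ID_TOKEN, SAMPLE_USERINFO, SAMPLE_LINKED), indent=2))
```

An empty `claim_present_in` for a test user means the identity provider is not releasing the claim at all, which would leave every linked group without that member after sign-in.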