new users unable to login to Portal after 10.7 upgrade

2430
4
Jump to solution
05-10-2019 09:06 AM
JustinWolff
Occasional Contributor

Our regular Portal admin is out today, and we just finished upgrading to 10.7 yesterday.  Before the upgrade, new users would initially login to Portal, and then after their first login we (admins) would invite them to their appropriate group(s).  Since upgrading to 10.7 this no longer works.  After clicking our Enterprise login and entering their creds, they receive the message: Unable to signup user because of a software authorization error.  Please contact your ArcGIS Enterprise administrator for assistance.

This does not seem to be an AD issue, because they are in the correct AD groups and are entering their credentials - it seems to be Portal isn't accepting them for whatever reason.

Again, I'm not our regular guy to handle this stuff, but we're getting a lot of tickets about this today and I'd like to solve it if possible.  Thanks.

Tags (1)
1 Solution

Accepted Solutions
JakeSkinner
Esri Esteemed Contributor

Hi Justin,

The licensing changed at ArcGIS Enterprise 10.7.  See the following link.  You will most likely have to assign a  valid user type to these users.

Your organization has named user or level 2 members, and your new license file has more than one compatible user type (e.g. Creator and GIS Professional).

In this case, all named user or level 2 members will be assigned what is called the Standard (Temporary) user type. Members assigned the Standard (Temporary) user type will not be able to access the portal until the administrator signs into the portal and manually assigns a valid user type license to these members. We will discuss some best practices in post-upgrade license management in the After upgrading section below.

View solution in original post

4 Replies
JakeSkinner
Esri Esteemed Contributor

Hi Justin,

The licensing changed at ArcGIS Enterprise 10.7.  See the following link.  You will most likely have to assign a  valid user type to these users.

Your organization has named user or level 2 members, and your new license file has more than one compatible user type (e.g. Creator and GIS Professional).

In this case, all named user or level 2 members will be assigned what is called the Standard (Temporary) user type. Members assigned the Standard (Temporary) user type will not be able to access the portal until the administrator signs into the portal and manually assigns a valid user type license to these members. We will discuss some best practices in post-upgrade license management in the After upgrading section below.

JustinWolff
Occasional Contributor

Thanks Jake.  What we actually found was far simpler.....we didn't have a Default User Type Role set.  Sigh...

-Justin

deactivated-user-ChrisBeaudett
New Contributor III

Indeed, we found the same: if you have Portal Settings > Security > Edit Identity Provider > Your users will be able to join: Automatically set before the upgrade, then after the upgrade the Portal Settings > Member Roles > Default User Type and Default role for new members will be un-set/set to invalid values.  You have to set these values before new users will be able to log into the portal and get their accounts auto-created.  (Existing accounts work fine).

MarleyGeddes
Esri Contributor

Hi all, 

I want to provide a little background information for the issue you are running into here.

Automatic account creation is disabled and the default user type and role for new members for is not defined after upgrading from an ArcGIS Enterprise version prior to 10.7 to 10.7 or greater. You are unable to set automatic account creation without first setting the default user type and role for new members.The logic for this is that we changed from defining members using levels to user types and require administrators to define the user type for new members.

However, there is a known issue when upgrading to 10.7 or 10.7.1 where we do not disable automatic account creation for organizations configured to use a SAML identify provider during the upgrade. This is why you have run into the issue where automatic account creation is set but the default user type and role for new members is not defined. 

As you have discovered, this issue is resolved by setting the default user type and role for new members. 


Thanks,
Marley