Portal for ArcGIS 11.0 - Refresh Membership During Login

11-03-2023 09:03 AM
asergio
New Contributor III

We have an ArcGIS Enterprise 11.0 Windows installation, where the authentication is integrated with Windows Active Directory, either at the user level or at the group level, as shown below:

User Store/Group Store:

[Screenshot: asergio_1-1699026612508.png]

If, in Windows Active Directory (AD), we add a user that already exists in Portal for ArcGIS to an AD group that is also mapped in Portal for ArcGIS, then when the user authenticates to the Portal, having logged in to the Portal less than an hour ago, the membership refresh is not executed, and the Portal logs in debug mode show: "Refresh user membership: No refresh. Interval time has not elapsed."

But if the user last logged in to the Portal more than an hour ago, then when the user authenticates to the Portal the membership refresh is performed, and the Portal logs in debug mode show: "Refresh user membership: In progress for user '.............'. Thread id: 5900287".

According to the documentation, whenever a user logs in, the membership refresh should be performed automatically, even if they last logged in less than an hour ago. Does anyone know why this isn't happening?

 

Thanks,

Antonio Sergio

3 Replies
MichelleCasey2
Esri Contributor

Portal for ArcGIS can keep a list of logins and accounts removed and "caches" them for 60 minutes.

Within the Portal Common Problems document it mentions that "the identity store refreshes when the new member signs in to the portal or the next time your portal identity store automatically refreshes, whichever occurs first". If the user logs out and logs back in, does the membership refresh?

I hope this helps.

asergio
New Contributor III

Hi @MichelleCasey2 

The membership refresh at login occurs only if it has been an hour since the user's last login with refresh membership. I made several tests (login and logout) during the day with the AD administrator, and that is the behavior.

Thanks,

Antonio Sergio

TroyBum72
Occasional Contributor

Great thread. We are seeing some strange group membership issues. Did this get resolved? Users who have long been a part of a SAML/AD group lost access to that content but are still members of the AD group, just not the Portal group. It's like here today (group membership), gone tomorrow, and for one user I had to delete their account and start over.
