Select to view content in your preferred language

update to SAML user user principal name impact on existing user

1763
4
Jump to solution
09-22-2022 08:51 PM
vtey_esriau
Occasional Contributor

Hi Enterprise guru (tagging @ReeseFacendini )

currently we have SAML idpUsername "xxxx@example.com.au" and we are changing, moving to  "xxxx@example.com" (no .au) .  Will there be any implication to existing users? Will portal have any issues mapping the new idpUsername to existing one if we were to use https://developers.arcgis.com/rest/enterprise-administration/portal/update-enterprise-user.htm and update the idpUsername. The process would be

- Freeze and bring down enterprise

- Update SAML user UPN

- Run python script to update idpUsername using updateEnterpriseUser api

Restart 

Any advise?

1 Solution

Accepted Solutions
ChristopherPawlyszyn
Esri Contributor

As long as the idpUsername matches what the SAML response has listed for Name ID in the subject there shouldn't be any affect on existing users.

 

The caveat here is that the usernames in your organization will remain using the 'example.com.au' suffix. If you want to align that with the new idpUsernames you'd need to perform a migration to the new users including group membership and content from the existing users. If the vanity username in the organization isn't important to update, you can just use the Portal Admin API you listed above.


-- Chris Pawlyszyn

View solution in original post

4 Replies
ChristopherPawlyszyn
Esri Contributor

As long as the idpUsername matches what the SAML response has listed for Name ID in the subject there shouldn't be any affect on existing users.

 

The caveat here is that the usernames in your organization will remain using the 'example.com.au' suffix. If you want to align that with the new idpUsernames you'd need to perform a migration to the new users including group membership and content from the existing users. If the vanity username in the organization isn't important to update, you can just use the Portal Admin API you listed above.


-- Chris Pawlyszyn
John_Spence
Frequent Contributor

Is there an equivalent tool for ArcGIS Online?

0 Kudos
ChristopherPawlyszyn
Esri Contributor

Due to the nature of username uniqueness across all ArcGIS Online organizations the same tool isn't available within the SaaS platform.


-- Chris Pawlyszyn
0 Kudos
John_Spence
Frequent Contributor

Dang! Totally understand, but makes it tougher when a user changes their last name, etc. Appreciate the response.

0 Kudos