Hi Enterprise guru (tagging @ReeseFacendini )
currently we have SAML idpUsername "xxxx@example.com.au" and we are changing, moving to "xxxx@example.com" (no .au) . Will there be any implication to existing users? Will portal have any issues mapping the new idpUsername to existing one if we were to use https://developers.arcgis.com/rest/enterprise-administration/portal/update-enterprise-user.htm and update the idpUsername. The process would be
- Freeze and bring down enterprise
- Update SAML user UPN
- Run python script to update idpUsername using updateEnterpriseUser api
Restart
Any advise?
Solved! Go to Solution.
As long as the idpUsername matches what the SAML response has listed for Name ID in the subject there shouldn't be any affect on existing users.
The caveat here is that the usernames in your organization will remain using the 'example.com.au' suffix. If you want to align that with the new idpUsernames you'd need to perform a migration to the new users including group membership and content from the existing users. If the vanity username in the organization isn't important to update, you can just use the Portal Admin API you listed above.
As long as the idpUsername matches what the SAML response has listed for Name ID in the subject there shouldn't be any affect on existing users.
The caveat here is that the usernames in your organization will remain using the 'example.com.au' suffix. If you want to align that with the new idpUsernames you'd need to perform a migration to the new users including group membership and content from the existing users. If the vanity username in the organization isn't important to update, you can just use the Portal Admin API you listed above.
Is there an equivalent tool for ArcGIS Online?
Due to the nature of username uniqueness across all ArcGIS Online organizations the same tool isn't available within the SaaS platform.
Dang! Totally understand, but makes it tougher when a user changes their last name, etc. Appreciate the response.