Hello,
We are using ArcGIS Enterprise with Active Directory authentication (LDAP/IWA) and we are looking for a way to automatically assign a User Type (license) and a Role to users based on their Active Directory group membership.
The expected workflow would be:
- A user belongs to one or more AD groups
- Each AD group is mapped to:
  - a specific ArcGIS User Type
  - a specific Portal Role (standard or custom)
- When the user logs in (or is created), the User Type and Role are assigned automatically
From what I understand, ArcGIS Enterprise does not natively support mapping AD groups to user types or roles.
Can anyone confirm:
- Whether this is possible natively in recent versions of ArcGIS Enterprise?
- If not, what is the recommended best practice?
Any feedback or real-world experience would be greatly appreciated.
Thank you!
I don't believe this is possible at any version of Enterprise currently. I've done something similar in the past with a Python script that would check newly added users against AD and assign / update permissions accordingly. I've also seen it done with a Survey123 form, where users "request" a login, and a Python script goes through to create the user with the right user type and role from the start. Either way, I would suggest looking into scripting to solve this.
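The reconciliation step such a script needs, as an added example that is not code from this thread: it resolves a user's AD groups to a single user type and role (highest-privilege mapping first) and leaves unmapped users and administrator grants for manual review. The group names, the mapping and the sample users are constructed, and the AD group lookup and the portal update are assumed to happen outside this block.

```python
from typing import NamedTuple, Optional

class Entitlement(NamedTuple):
    user_type: str
    role: str

# Constructed sample mapping, highest privilege first. Group names are
# hypothetical; check user type and role IDs against your own portal.
GROUP_MAP = [
    ("GIS-Admins", Entitlement("creatorUT", "org_admin")),
    ("GIS-Publishers", Entitlement("creatorUT", "org_publisher")),
    ("GIS-Viewers", Entitlement("viewerUT", "<custom-role-id>")),
]
REVIEW_ROLES = {"org_admin"}  # never granted without a human approving it

def resolve(ad_groups, group_map=GROUP_MAP) -> Optional[Entitlement]:
    """Return the entitlement of the first mapped group the user belongs to."""
    member_of = {g.casefold() for g in ad_groups}  # AD names are case-insensitive
    for group, entitlement in group_map:
        if group.casefold() in member_of:
            return entitlement
    return None  # unmapped users get nothing assigned automatically

def plan(users, group_map=GROUP_MAP):
    """Compare each portal user with the AD-derived target and list actions."""
    actions = []
    for u in users:
        target = resolve(u["groups"], group_map)
        current = Entitlement(u["user_type"], u["role"])
        if target is None or target.role in REVIEW_ROLES and target != current:
            actions.append((u["username"], "review", target))
        elif target != current:
            actions.append((u["username"], "update", target))
    return actions

# Constructed sample input: portal users with their AD groups already looked up.
VIEWER = ("viewerUT", "<custom-role-id>")
SAMPLE_USERS = [
    dict(username="alice", groups=["gis-viewers", "GIS-Publishers"],
         user_type=VIEWER[0], role=VIEWER[1]),
    dict(username="bob", groups=["GIS-Viewers"], user_type=VIEWER[0], role=VIEWER[1]),
    dict(username="carol", groups=["GIS-Admins"], user_type="creatorUT", role="org_publisher"),
    dict(username="dave", groups=["Domain Users"], user_type="creatorUT", role="org_user"),
]

if __name__ == "__main__":
    for username, action, target in plan(SAMPLE_USERS):
        print(username, action, target)
```

With the ArcGIS API for Python, an "update" action would be applied through `User.update_license_type()` and `User.update_role()`; logging every planned action before applying it gives an audit trail of privilege changes.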
Another approach is to set up the ArcGIS Enterprise portal's group store to use AD. Then as a portal administrator, add all the users from an AD group to the portal. In this workflow you get to assign the user type and role for all the members you are adding from that AD group all at one time.
See the Group Store Configuration help at https://enterprise.arcgis.com/en/portal/latest/administer/windows/use-your-portal-with-ldap-and-port...
This doc seems to be specific to making groups in ArcGIS Enterprise based on groups in AD, but it is not that limited.
See the Enterprise help at https://enterprise.arcgis.com/en/portal/latest/administer/windows/add-members-to-your-portal.htm#:~:... for the workflow.