Azure AD SSO (SAML) Integration for External Users

08-29-2022 11:21 AM
by jluong
New Contributor II

Hello,

I've got an ArcGIS Enterprise (10.9.1) Portal configured with Azure AD (SAML) for SSO. Everything is generally going well aside from a seemingly random issue we're having with new external Portal users when signing in for the first time. If anyone has experienced these issues or anything similar, any advice/ideas would be greatly appreciated as this is a growing concern for our team.

Once the request for a new external user is received, a new Portal User profile is created (GIS Team) along with a new Azure Guest Account (IT Team). In most cases, the user's Portal profile is assigned to appropriate Portal group(s) so they have instant access upon their first sign-in. When the Azure Guest Account is created, an automated invite email is sent to the user with a link embedded to access the user's Portal content. At this point, users may also access their content through URLs shared in advance from other project members.

The (major) issue occurs when the user logs in for the first time. We're observing this odd behavior: a new portal profile is generated for the user, with a username defaulted to their email address ('@' replaced with '_') suffixed with '_EXT_@<tenant>.onmicrosoft.com' where '<tenant>' is my organization tenant name.

e.g. John Smith (ABCompany) needs access to 'MyCompanys' Map Portal ... 'john.smith@abcompany.com' gets a new profile created with ID/Username 'john.smith_abcompany.com_EXT_@mycompanys.onmicrosoft.com'. John Smith can still access the portal and it is easy enough to assign this new profile to the appropriate group, but in some situations, immediate access to content upon first sign-in is important.

Another (minor) issue we noticed occurs when some users sign in successfully to their intended portal profile; however, their first name attribute is replaced by their email address (last name remains the same). This doesn't affect the user's access and is just cosmetic (and easy enough to correct) but thought I'd mention it in case there's any relevance I don't see.

Has anyone experienced this as well?

Thank you.

0 Kudos
1 Reply
IngerLiseGjerdebakken
New Contributor

Hi, we are having the exact same problem, and are very interested to hear if anyone has a good solution to the problem. Thank you.

0 Kudos
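An added example, not part of the thread or of any Esri or Microsoft tooling: a Python sketch that recognises the auto-generated username pattern described in the first post, recovers the external email from it, and pairs each auto-created profile with the pre-provisioned one so missing group memberships can be reviewed. The profile dictionary shape, the `jsmith_ext` username and the inventory are constructed assumptions, as is the rule that a mail domain contains no underscore.

```python
import re

# Pattern as described in the post: '<email with @ -> _>_EXT_@<tenant>.onmicrosoft.com'
GUEST_RE = re.compile(r"^(?P<body>.+)_EXT_@(?P<tenant>[^@.]+)\.onmicrosoft\.com$", re.I)

def derived_username(email, tenant):
    """Username the post reports being auto-created for an external email."""
    return f"{email.replace('@', '_')}_EXT_@{tenant}.onmicrosoft.com"

def original_email(username):
    """Recover the external email from a derived username, else None."""
    m = GUEST_RE.match(username)
    if not m:
        return None
    # Assumption: mail domains contain no '_', so the last '_' was the '@'.
    local, sep, domain = m.group("body").rpartition("_")
    return f"{local}@{domain}" if sep and local and "." in domain else None

def find_duplicates(profiles):
    """Return (pre_created, auto_created, groups_missing_on_auto) per person."""
    pre_by_email = {p["email"].lower(): p for p in profiles
                    if original_email(p["username"]) is None}
    pairs = []
    for p in profiles:
        email = original_email(p["username"])
        pre = pre_by_email.get(email.lower()) if email else None
        if pre:
            missing = sorted(set(pre["groups"]) - set(p["groups"]))
            pairs.append((pre["username"], p["username"], missing))
    return pairs

# Constructed sample inventory (hypothetical accounts, not real data)
PROFILES = [
    {"username": "jsmith_ext", "email": "john.smith@abcompany.com",
     "groups": ["Project A"]},
    {"username": "john.smith_abcompany.com_EXT_@mycompanys.onmicrosoft.com",
     "email": "john.smith@abcompany.com", "groups": []},
    {"username": "mary_jones_example.org_EXT_@mycompanys.onmicrosoft.com",
     "email": "mary_jones@example.org", "groups": []},
    {"username": "gis_admin", "email": "gis.admin@mycompanys.example",
     "groups": ["Admins"]},
]

if __name__ == "__main__":
    for pre, auto, missing in find_duplicates(PROFILES):
        print(f"{auto} duplicates {pre}; groups to review: {missing}")
```

Auto-created profiles with no pre-provisioned match (the `mary_jones` entry here) are not reported as duplicates, which separates unexpected guest sign-ins from the split-identity case in the post.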