Converting authentication from unique ArcGIS online users to Enterprise Azure AD users

05-26-2021 12:00 PM
ChipSmith09
New Contributor

Currently we're using ArcGIS Online and using our domain email addresses with unique passwords to log in. We're attempting to convert to Azure AD authentication. I'd like to match the Enterprise usernames to the usernames we're currently using; however, I'm not sure what/where I need to do this.

I've gotten the SAML link to work in the Azure AD Enterprise Apps; however, when logging into ArcGIS Enterprise with my AD creds, I get an error:

"Unable to sign in, logins are by invitation only. Please contact the administrator of this web site to access this site. IdpUsername: 'user@mydomain.com' Username: 'user@mydomain.com_MyCompanyShortname'"

user@mydomain.com is an existing user account in ArcGIS Online. I assume I need to update the User attributes & claims in my Azure AD Enterprise App to pass along this info? I'm not sure what I need to do and the help documentation isn't entirely clear.

Help documentation in question: https://enterprise.arcgis.com/en/portal/latest/administer/windows/configuring-a-saml-compliant-ident...

Any help would be greatly appreciated!

1 Reply
JCGuarneri
Occasional Contributor

Did you ever come up with a solution? We're going through this process now and running into pretty much the same issue. Our existing Enterprise users are all in the format doej@domain (or domain\doej), but Azure sends the username as john.doe@domain.com. If we allow users to create an account without invitation, they are able to log in, but it creates a brand new username. If push comes to shove, we can just get rid of all the old users and add new ones, but it would be nice if we can avoid that.

0 Kudos