Portal login enterprise user without domain prefix

2164
2
Jump to solution
02-20-2019 10:55 AM
SebastianCabrera
Esri Contributor

Hello

Is there a way for a AD user to login to Portal without adding the domain prefix to the username? Web tier authentication is not an option, but for a better user experience, a customer wants to avoid typing the "domain\". Is this possible?

0 Kudos
1 Solution

Accepted Solutions
TrevorNickolai
New Contributor III

Hey Sebastian,

There is the ability to add AD users to Portal and have them login without the "DOMAIN\username" or "username@DOMAIN", but the method would make it so they can only login using one format and that is "username".  If they attempt this workflow and decide to login as "DOMAIN\username" or "username@DOMAIN" it will actually create a new AD account.

When configuring the Windows Authentication in portaladmin, security, config, update Identity Store, we would want to include the parameter: “checkForMultipleUsernameFormats”: "true".  We then will want to either go into portaladmin, security, config, Update Security Configuration, and change "enableAutomaticAccountCreation" to "true" (this will only allow for automatic account creation when valid AD credentials are provided) or we can go into portaladmin, security, users, create user and provide the customers proper AD information (username format would be = "username") and be sure to change "Provider" to Enterprise Identity Provider.

Either method for adding users should result in AD username formats to not include the DOMAIN\username or username@DOMAIN

View solution in original post

2 Replies
TrevorNickolai
New Contributor III

Hey Sebastian,

There is the ability to add AD users to Portal and have them login without the "DOMAIN\username" or "username@DOMAIN", but the method would make it so they can only login using one format and that is "username".  If they attempt this workflow and decide to login as "DOMAIN\username" or "username@DOMAIN" it will actually create a new AD account.

When configuring the Windows Authentication in portaladmin, security, config, update Identity Store, we would want to include the parameter: “checkForMultipleUsernameFormats”: "true".  We then will want to either go into portaladmin, security, config, Update Security Configuration, and change "enableAutomaticAccountCreation" to "true" (this will only allow for automatic account creation when valid AD credentials are provided) or we can go into portaladmin, security, users, create user and provide the customers proper AD information (username format would be = "username") and be sure to change "Provider" to Enterprise Identity Provider.

Either method for adding users should result in AD username formats to not include the DOMAIN\username or username@DOMAIN

SebastianCabrera
Esri Contributor

Hello Trevor,

Thanks a lot for your answer, exactly what I needed to know.

0 Kudos