Community
Select to view content in your preferred language

What are Best Practices for Portal Administrator Accounts?

660
6
10-16-2024 06:09 AM
JonathanDandois
by
Frequent Contributor
‎10-16-2024 06:09 AM

What are Best Practices for Portal Administrator Accounts?

Our Portal is configured to use only SSO single sign-on for logins, and built-in user sign-ins are disabled. This has a nice benefit of allowing users to sign in to maps and apps quickly without having to think about clicking a sign-in option (for example, if built-in logins are enabled, users will try to enter their SSO credentials into the built-in field and it will fail).

I have my own personal SSO account enabled as a Portal Administrator. This allows me to quickly make changes to maps, apps, members, Groups, etc. However, a downside of this is that my user doesn't "see" maps and apps in the same way as normal users because of my Administrator Role. On more than one occasion, I have loaded a map/app and it works just fine, but standard users might see a layer permission issue or related problem. 

Is it possible to use only SSO sign-in, but still be able to login as a built-in Administrator user? For example if I demote my personal SSO to a Publisher or similar role, but have a built-in Administrator user that i can use for Portal administration tasks?

6 Replies
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎10-16-2024 08:54 AM

yes

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎10-16-2024 08:55 AM

you can have both at the same time and disable the option for users to create their own internal portal accounts

0 Kudos
JonathanDandois
by
Frequent Contributor
‎10-16-2024 08:59 AM

Thanks @BillFox , yes I am aware that both built-in and SSO can be enabled at the same time and when that is enabled the UI appears that allows user to pick.

What I am wondering is if there is a way to sign-in as a built-in user without this UI appearing? i don't want to give users the option because when i do, they try to enter their SAML SSO credentials into the ArcGIS login section and that fails. When the built-in option is disabled, the users are immediately signed in via the SSO SAML just when they visit a map or app and don't have to click this experience. 

 

JonathanDandois_0-1729094261438.png

 

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎10-16-2024 09:13 AM

you could ArcGIS Server's admin directory like that but as far as I can tell anything portal-ish prompts that dialog

 

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎10-16-2024 08:55 AM

highly recommended in case you have any AD issues too

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎10-16-2024 08:59 AM

and don't get tangled up with the max 20 character name in the setup

https://community.esri.com/t5/arcgis-enterprise-questions/username-is-longer-than-20-characters/td-p...

 

https://support.esri.com/en-us/knowledge-base/error-user-name-is-longer-than-20-characters-000027233

 

0 Kudos