As an administrator of ArcGIS online for my organisation, one of my tasks is user account management i.e. creating new accounts for members who join our organisation and removing members who leave. Our policy is to have accounts created before a new joiner actually starts their position, so IT can help them setup their new PC including logging into ArcPRO desktop for the first time.
Recently, a new member of staff joined, I created their account about 4 days before their actual start date as per our normal policy, however it later transpired that the users account was blocked the moment it was created.
It transpired that although based in the EU, whenever new users are created on AGOL, their name and email address is bounced off a U.S. government’s "denied parties lists" - the account was blocked until ESRI inc verified the user was not whomever our new user resembled on this list.
However - we weren't aware of the block until the user actually tried to login, and because this is such a rare event (I've managed over 500 accounts at this point and this is the first time this has happened) we had no idea how to resolve, turns out, only way to get the block removed is to contact ESRI inc.
My idea is simple: please setup a notification alert for arcgis online administrators if an account is blocked due to the U.S. government’s "denied parties lists", this will allow administrators to contact ESRI inc immediately to have the account checked and verified.
We lost almost a week of productivity due to not being notified and stressed out a new member of staff - if ESRI bounce the users credentials off a list, surely some return must happen to apply a block to the account if a match is found - that could be a simple event trigger to issue an automated message to AGOL admins that the account is now blocked and they need to contact ESRI to have the block removed.
Are you using the new employees personal email address or are you creating new email addresses based on your company domain?
company domain addresses only, we never use personal email addresses for accounts.
I completely support this idea. I work at a University and we create user accounts quite frequently, usually in bulk by uploading a spreadsheet. We only find out that an account has been blocked when the user tries to use the account in a training/workshop environment, at which point it's too late to request their account is unblocked in time for them to take part in the class. It's really infuriating.
Bumping this back up to the top of the feed as it's still an issue.
My colleague and I have both been blocked twice since January 1. I didn't press for a reason the first time ESRI validated my account, but I did press for the reason after the second block. I was told I was a possible match to a record on the Denied Parties lists of the United States Government. Less than 10 seconds later, my account re-validated.
I suspect the matching algorithm has been tweaked to classify a wider range of names as possible matches? It's not as if my account is new… I've used it since since 2019 and haven't had any issues until this year.
Edit: well, now my account seems to have been reset to show I've only been here 15 minutes. Fantastic.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.