Select to view content in your preferred language

Unverified email addresses & SAML Login Configuration

928
4
06-23-2022 06:43 AM
Status: Open
John_Spence
Frequent Contributor

Hi folks,

I am enjoying the latest upgrade, but I have an issue w/ the new section of the org page that has unverified email addresses.

John_Spence_0-1655991550156.png

As to why that is a problem for me, I am configured to use SAML logins and, when my users log on, their Given-Name, Surname, Email Address, and Toke-Groups auto update. As those items are being fed by LDAP, how are they a unverified member?

Proposal:

Update AGOL Administration of unverified email addresses to auto prune for SAML derived logons.

John_Spence_1-1655991718914.png

I believe there should also be a button for manually verify the address, but there is none so you can't reduce or eliminate the warning. *Sigh*

 

Tags (3)
4 Comments
JayHodny

We are seeing this message too.  Am I supposed to go through each member in the list, type in their email address to confirm and save?  The "New email address" field is confusing.

JayHodny_0-1655993857720.png

 

John_Spence

@JayHodny , from a limited set of testing, there is not a way to clear it out that is obvious to me for SAML auth users. I tried it with a couple of my accounts the unverified address number remained solidly the same as it had been before.

Map2021

To be honest, this is a very frustrating and terrible implementation for everyone who is using multi Factor authentication or anything tied to O365 or SAML. ESRI, why didn't you test this before rolling it out?

SaraJL
by

We also received the same message and use SAML/Google authentication. Gave me a heart attack to see a message for 500-600 accounts "unverified" when I logged in that morning!

I ended up talking with a support rep - it sounds like if you have SAML, technically you don't need the email verification because it's going through the host. They instructed me to go to the organization settings on ArcGIS Online > click on the Security tab > go to the Email verification section > and turn the option off. That fixed the error message! (and stopped giving me a heart attack!)

It will still pop up for accounts that don't go through the hosted organization (ie. some admin accounts, outside accounts, etc.)

Hopefully that helps! At least on SAML, accounts that are "unverified" don't lose access to anything. They can still use licenses. It really should be something that is default turned off for SAML security.

Good luck all!