Select to view content in your preferred language

Issue with special characters in Azure Active Directory ldp guest usernames integrating with ArcGIS Online

2872
3
Jump to solution
06-30-2021 11:23 AM
FrankMartin1
Regular Contributor

We've switched to using Azure AD authentication for ArcGIS Online.   For guest users (not in organization), Azure AD creates a username (User principal name) that includes special characters (#'s), ex. somebody.somewhere.org#EXT#@acme365.onmicrosoft.com.  This username cannot be use for the SAML ID when adding a member to ArcGIS Online.  See image below.

FrankMartin1_0-1625076819305.png

Has anyone seen this problem before, and is there a solution?

Thanks,

Frank

Tags (3)
0 Kudos
1 Solution

Accepted Solutions
DerekLaw
Esri Esteemed Contributor

Hi @FrankMartin1,

A couple of possible workarounds you could try:

"Try to use automatic user registration. Since you are creating new accounts for external users, you could turn on automatic registration, test automatic registration & login for each new account and then turn off auto registration.

Another way to workaround this, if you don’t want to enable auto user registration, would be to add members from a file: 

Email,First Name,Last Name,SAML ID,User Type,Role

user@org.com,Firstname,Lastname,username@org#EXT#@dept.company.com,Viewer,Viewer

This also will preserve the ‘#’ characters in the idpusername, while the username is normalized." 

Hope this helps,

View solution in original post

3 Replies
DerekLaw
Esri Esteemed Contributor

Hi @FrankMartin1,

A couple of possible workarounds you could try:

"Try to use automatic user registration. Since you are creating new accounts for external users, you could turn on automatic registration, test automatic registration & login for each new account and then turn off auto registration.

Another way to workaround this, if you don’t want to enable auto user registration, would be to add members from a file: 

Email,First Name,Last Name,SAML ID,User Type,Role

user@org.com,Firstname,Lastname,username@org#EXT#@dept.company.com,Viewer,Viewer

This also will preserve the ‘#’ characters in the idpusername, while the username is normalized." 

Hope this helps,

RenaudJOGUET92
New Contributor

Hello @DerekLaw ,
Does this solution work on Portal 10.9 (linux installation) ? We are not able to correct the problem on Portal 10.9 (with auto user registration disable and file)
Thanks,
Renaud

0 Kudos
DerekLaw
Esri Esteemed Contributor

Hi @RenaudJOGUET92,

Does this solution work on Portal 10.9 (linux installation) ? We are not able to correct the problem on Portal 10.9 (with auto user registration disable and file)

Apologies for the late reply. I don't have much experience working with ArcGIS Enterprise on Linux OS so I can't say if the solution will work. Please contact Esri Tech Support - they are the best folks to help you resolve your issue. Sorry.

 

0 Kudos