SSO Username format

403
1
Jump to solution
11-15-2023 12:17 PM
Labels (1)
Thomas_Z2
New Contributor III

We just set up ArcGIS Online using a SSO, however the Organization Short Name is added with an underline.

I have changed the settings for the Username Format under New Member Defaults to Email Address PrefixBut this has no effect.

We do not wish to have the Organization Short Name added. We would like to have the username (which is equals the e-mail address provided by the IDP) the same as in our internal Portal for ArcGIS.

How can we change the default username created by users who login to ArcGIS Online using SSO?

0 Kudos
1 Solution

Accepted Solutions
Thomas_Z2
New Contributor III

Esri Support pointed me to the ArcGIS Enterprise documentation:


If the same SAML-compliant identity provider is used in your ArcGIS Online organization and your portal, the organization-specific user names can be configured to match. All organization-specific user names in ArcGIS Online have the organization short name appended to the end. The same organization-specific user names can be used in your portal by defining the defaultIDPUsernameSuffix property in the ArcGIS Enterprise portal's security configuration and setting it to match the organization's short name. This is needed if editor tracking is enabled on a feature service that is edited by organization-specific users from both ArcGIS Online and your portal.

(Source: Match ArcGIS Online user names in the ArcGIS Enterprise portal; emphasizing mine)


Addendum: I finally got around to test it. Here is how you can configure a suffix for IDP users on ArcGIS Enterprise:

More information for the defaultIDPUsernameSuffix can be found here and you can configure the property through the portaladmin interface:

Click Update Security Configuration, then update the JSON string by adding "defaultIDPUsernameSuffix": "YourSuffix".

Then click Update Configuration. Done.

 

Thomas_Z2_0-1701182243438.png

View solution in original post

0 Kudos
1 Reply
Thomas_Z2
New Contributor III

Esri Support pointed me to the ArcGIS Enterprise documentation:


If the same SAML-compliant identity provider is used in your ArcGIS Online organization and your portal, the organization-specific user names can be configured to match. All organization-specific user names in ArcGIS Online have the organization short name appended to the end. The same organization-specific user names can be used in your portal by defining the defaultIDPUsernameSuffix property in the ArcGIS Enterprise portal's security configuration and setting it to match the organization's short name. This is needed if editor tracking is enabled on a feature service that is edited by organization-specific users from both ArcGIS Online and your portal.

(Source: Match ArcGIS Online user names in the ArcGIS Enterprise portal; emphasizing mine)


Addendum: I finally got around to test it. Here is how you can configure a suffix for IDP users on ArcGIS Enterprise:

More information for the defaultIDPUsernameSuffix can be found here and you can configure the property through the portaladmin interface:

Click Update Security Configuration, then update the JSON string by adding "defaultIDPUsernameSuffix": "YourSuffix".

Then click Update Configuration. Done.

 

Thomas_Z2_0-1701182243438.png

0 Kudos