Create Enterprise User in ArcGIS Online using REST or Python API

08-29-2019 12:27 PM
NareshAligeti1
New Contributor II

Geo Community,

I cannot find any examples to create an enterprise user using the ArcGIS REST API. While my focus was to use the ArcGIS API for Python to do so, I was told by Esri Level 1 CSA that it is not possible to create enterprise users (we have ADFS as SAML Identity Provider and integrated with AGOL).

I can't find any REST API examples in Python for reference. I can generate a token successfully with this code.

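import requests

# clientID, clientSecret and agolUrl (the token endpoint) are defined elsewhere in the script.
def genTokenInAGOL():
    # Passing a dict lets requests form-encode the values, so special
    # characters in the secret cannot break the request body.
    payload = {
        'client_id': clientID,
        'client_secret': clientSecret,
        'grant_type': 'client_credentials'
    }
    headers = {
        'content-type': "application/x-www-form-urlencoded",
        'accept': "application/json",
        'cache-control': "no-cache"
    }

    response = requests.request("POST", agolUrl, data=payload, headers=headers)
    responseInJson = response.json()
    return responseInJson['access_token']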

Just wanted to create a new enterprise user account. Also, I do get confused with Idp_Username and Username in the Create object. For provider=enterprise, do both have to be there?

Thanks.

Accepted Solutions
PeterKnoop
Occasional Contributor III

If you would like to do this via the ArcGIS API for Python, then there is some basic info here:


Creating new user accounts

Unfortunately that doc does not include a complete example for the specific case of creating enterprise logins, however, I've found code like the snippet below works. (If you leave out parameters, like password, which it shouldn't need, you get unexpected errors.)

new_enterprise_user = gis.users.create( 
   username = 'xxxxxxxx_umich',
   password = 'None',
   firstname = 'First',
   lastname = 'Last',
   email = 'xxxxxxxx@umich.edu',
   role = 'org_publisher',
   provider = 'enterprise',
   idp_username = 'xxxxxxxx',
   level = '2',
   user_type = 'creator'
)

NareshAligeti1
New Contributor II

Thanks Peter,

Unfortunately, I was told by Esri that this would still create built-in user accounts and not enterprise accounts.

PeterKnoop
Occasional Contributor III

I just verified that it still works correctly with our ArcGIS Online organization. Accounts created are enterprise accounts, not built-in, arcgis accounts.

We have been relying on this method for a while now, so I suspect the person with whom you communicated at Esri may be misinformed.

For instance, our ArcGIS Online instance is configured to automatically join authorized enterprise users to our organization, so a user is able to do whatever they need to the first time they login. Sometimes, however, circumstances arise where we need to add an enterprise user to a specific group, before they have logged in that first time.

As the user has not logged in before, their enterprise account doesn't yet exist in the system, so we cannot add them to the group. Therefore, we use the above method to create enterprise accounts, so that we can add users to the groups, even if they haven't logged in themselves previously.

As I mentioned, if you don't supply all the parameters it is expecting, then you get unexpected errors. In some cases this means an account is created, but it is a built-in account, rather than an enterprise account.

Give it a try.

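Added example (not part of the thread and not Esri's code): a post-provisioning check for the failure mode described above, where a create call with missing parameters leaves a built-in account instead of an enterprise one. It assumes each user record exposes the `provider` and `idpUsername` fields of the ArcGIS REST user resource; the function names, usernames and records are constructed for illustration.

```python
# Added example. Field names ("username", "provider", "idpUsername") are assumed
# to match the ArcGIS REST user resource; every record below is constructed.

def classify_account(user, expected_idp_username):
    """Return the problems found in one user record (empty list means OK)."""
    problems = []
    provider = user.get("provider")
    if provider != "enterprise":
        # A built-in account ("arcgis") does not sign in through the SAML IdP.
        problems.append("provider is {!r}, expected 'enterprise'".format(provider))
    idp = user.get("idpUsername")
    if not idp:
        problems.append("idpUsername is empty")
    elif idp != expected_idp_username:
        problems.append("idpUsername {!r} does not match {!r}".format(idp, expected_idp_username))
    return problems


def audit_provisioned(users, provisioned):
    """Check every account we asked for; provisioned maps username -> IdP username."""
    by_name = {u["username"]: u for u in users}
    report = {}
    for username, idp_username in provisioned.items():
        record = by_name.get(username)
        if record is None:
            report[username] = ["account not found"]
            continue
        problems = classify_account(record, idp_username)
        if problems:
            report[username] = problems
    return report


# Constructed sample data: one correct account, one built-in fallback,
# one bound to the wrong IdP identity; a fourth request never produced an account.
SAMPLE_USERS = [
    {"username": "jdoe_comp_gis", "provider": "enterprise", "idpUsername": "jdoe@company.com"},
    {"username": "asmith_comp_gis", "provider": "arcgis", "idpUsername": None},
    {"username": "blee_comp_gis", "provider": "enterprise", "idpUsername": "someone.else@company.com"},
]
PROVISIONED = {
    "jdoe_comp_gis": "jdoe@company.com",
    "asmith_comp_gis": "asmith@company.com",
    "blee_comp_gis": "blee@company.com",
    "cwu_comp_gis": "cwu@company.com",
}

if __name__ == "__main__":
    for name, problems in sorted(audit_provisioned(SAMPLE_USERS, PROVISIONED).items()):
        print(name, "->", "; ".join(problems))
```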
NareshAligeti1
New Contributor II

Thanks Peter, it worked. I did not know that I had to supply

password='None'

for an enterprise user account.

Here is the script if someone wants to copy and take it to the next level. I need to add more code to it to work with AGE and built-in accounts, and add some try/catch and loggers to it.

from arcgis.gis import RoleManager
from arcgis.gis import GIS

gis = GIS(url="https://company.maps.arcgis.com", username="snknkdnk", password="******")

'''
# Optional: list the organization's roles and their IDs.
role_mgr = RoleManager(gis)
roles = role_mgr.all()

for role in roles:
    print("{}: {}".format(role.name, role.role_id))
'''

# Split existing members into internal (company e-mail) and external users.
agolIntUsers = []
agolExtUsers = []
for user in gis.users.search('!esri_ & !admin', max_users=1000):
    if "@company" in user.email:
        agolIntUsers.append(user.username)
    else:
        agolExtUsers.append(user.email)

def addUserToAGOL_and_Group(lname, fname, username, email, role, level, group):
    # Look the group up once; the search returns an empty list when nothing
    # matches, so indexing [0] directly would raise IndexError.
    matches = gis.groups.search('title:{}'.format(group))
    userGroup = matches[0] if matches else None
    requestedGroup = userGroup.title if userGroup else group
    appendedUsername = username + "_comp_gis"
    print("Checking if {} {} exists in ArcGIS Online..".format(fname, lname))
    if appendedUsername not in agolIntUsers:
        print("\tChecked.\nCreating user account for {} {} in ArcGIS Online..".format(fname, lname))
        # password='None' is required even though enterprise logins do not use it.
        gis.users.create(username=appendedUsername, password='None', lastname=lname, firstname=fname, idp_username=email, user_type=level, description='', email=email, role=role, level=level, provider='enterprise')
        print("\tCreated.\nAllocating default credits to user..")
        gis.admin.credits.allocate(username=appendedUsername, credits=1)
        print("\tAllocated.")
    else:
        print("\t{} {} account already exists in ArcGIS Online.".format(fname, lname))

    print("Checking if {} {} is a member of {} group..".format(fname, lname, requestedGroup))

    if userGroup is not None and requestedGroup.lower() == group.lower():
        if appendedUsername not in userGroup.get_members()['users']:
            print("\tChecked.\nAdding {} {} to the {} group..".format(fname, lname, requestedGroup))
            userGroup.add_users(appendedUsername)
            print("\tAdded.")
        else:
            print("\t{} {} is already a member of {} group.".format(fname, lname, requestedGroup))
    else:
        print("\tNo group named {} in AGOL.".format(requestedGroup))


addUserToAGOL_and_Group('LastName', 'FirstName', 'MyUsername', 'MyUsername@company.com', 'Role_Id', 'Creator', 'AGOL_Group')
