Create User in ArcGIS Online with provider=enterprise

JerryWaldorf · ‎03-13-2018

How can you create a user in ArcGIS Online with the provider=enterprise using the REST API?

Raul_Jimenez · ‎03-15-2018

Hi Jerry,

What kind of user?
- An user in an organization? <- Create User—ArcGIS REST API: Administer your portal | ArcGIS for Developers
- An ArcGIS.com public account? <- https://www.arcgis.com/sharing/rest/community/signup
What do you mean with "the provider=enterprise"?

Cheers

JerryWaldorf · ‎03-15-2018

We are trying to create a new user in https://aqueraajax.maps.arcgis.com. This user would be an external user managed by an enterprise identity store. In our case Okta.

We would like this user to have the idpUsername=jerry.waldorf@aquera.com and have the provider=enterprise.

idpUsername and provider are attributes about the user and are defined here:

User—ArcGIS REST API: Users, groups, and content | ArcGIS for Developers

JerryWaldorf · ‎03-15-2018

I can't find the documentation on the REST API call: https://www.arcgis.com/sharing/rest/community/signup

Where is that located?

Raul_Jimenez · ‎03-15-2018

That REST API is not documented , I found it debugging the browser, but in your case you are talking about a name user inside an org. A public account is not linked to an organization and only can create items (Web Maps, Web Mapping Applications, etc) but it is very limited.

Raul_Jimenez · ‎03-15-2018

About the other question, I'm not sure if it is possible for you to create a user though the REST API.

I have just tried using this endpoint:

https://{{urlKey}}.maps.arcgis.com/sharing/rest/portals/self/invite‍‍

And I tried to send this payload:

{
     "invitations": [{
          "username": "USERNAME",
          "password": "PASSWORD",
          "firstname": "FNAME",
          "lastname": "LNAME",
          "fullname": "FNAME",
          "email": "EMAIL",
          "role": "account_user",
          "level": "2",
          "provider": "enterprise",
          "userType": "arcgisonly"
     }]
}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

But it didn't work (this is the Postman collection I used).

Sorry I can't be more helpful.

PeterKnoop · ‎03-15-2018

We've moved on to use the ArcGIS API for Python for tasks like this (see arcgis.gis.UserManager.create), which wraps the REST API call for you. If I remember correctly, however, from the days before the Python API, the REST API call is Create User.

The following works with ArcGIS Online and Shibboleth, so the username format might need some minor tweaking to work with one of the other SAML providers.

https://<url_key_for_org>.maps.arcgis.com/gis/portaladmin/security/users/createUser

username = 'knooptp_<url_key_for_org>',

password = 'None',

firstname = 'Peter',

lastname = 'Knoop',

email = 'knooptp@devumich.edu',

role = 'org_publisher',

provider = 'enterprise',

idp_username = 'knooptp',

level = '2'

I believe you have to have password set to None, and that you cannot simply leave the parameter off, as some of the documentation suggests.

JerryWaldorf · ‎03-16-2018

curl -X POST \
https://aqueraajax.maps.arcgis.com/gis/portaladmin/security/users/createUser \
-H 'Cache-Control: no-cache' \
-H 'Postman-Token: 2866a8f1-d82e-4da9-9198-d54c2e66db25' \
-H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
-F username=harishhubgmail_aqueraajax \
-F password=None \
-F firstname=harish \
-F lastname=kumar \
-F email=hk8049@gmail.com \
-F role=org_publisher \
-F provider=enterprise \
-F idp_username=harishhubgmail \
-F level=2 \
-F token=pO3saPtlh_X68L8orfyM5iQrtdcLIH1D789DFeJKrrWgBN-biNCaxfkRZD4w6mjqjPxLx0L1kEsXLGKp55sZvN0HI1RjG9yxAe7qiuJC8dDbDUhfmV-z3vbBCGK1Cokke3YkKLelKEe9bfrsRXXR62hkTPhx8Db7MkX7V_jsLDA. \
-F f=json

Returns a 404. Are we using the right URL? Can you send me the exact cURL command you are using that works for you.

Raul_Jimenez · ‎03-19-2018

I think that endpoint is only valid for Portal for ArcGIS, but not for ArcGIS Online:

I can not find that on ArcGIS Online, ialixandroaeesriro-ro-esridist, Tom Wayson, Gavin Rehkemper, John Gravois any of you could confirm us that?