I'm having issues with Active Directory users attempting to sign in to ArcGIS Online with Survey 123 (no such errors with Collector) and the issue does not apply to all users. Some users are getting the following message:
"Please copy this code, switch to your application and paste it there:"
It looks like something is getting mis-configured during the login process. Which version of Survey123 is being used? Is the Active Directory endpoint providing a Windows Authentication challenge or web form login?
We've been working on enhancements to login scenarios like the one you describe above in the 2.0 version of Survey123, available at the Early Adopter Community.
We're using the latest version (1.10.25) of Survey123. I'm unsure about the answer to your question regarding Windows Authentication challenge or web form login, but the last screen the user sees before the failure is our standard F5 screen:
Okay, it looks like the latter option (form). Given that, it sounds like the problem might Survey123 not recognizing the access token after login or the page taking a longer time to complete than expected. I would try against the version 2.0 of Survey123- while we weren't specifically solving this issue, there are a set of general login stability improvements. You can get to it via the http://bit.ly/S123beta .
This is a known issue with IWA-fronted SAML logins. With 2.0, we introduced preliminary support for a configuration that can work around the limitation. Go to 'Settings' and select the 'Portals' tab. Click and hold on 'Select your Active ArcGIS Portal'- this will show the advanced configuration options. Click on 'Add Portal'. Type in the organization name and select 'Use external web browser for sign in' and then add the Portal. When signing in, you will see that Survey123 actually launches over to your browser to sign in, and then goes back to Survey123 once the sign in is complete. Currently, this works best on mobile devices -t here are some issues with it on Windows (which is why I categorized this as 'preliminary' support).
James, I'm also seeing the error that Kevin sees using iOS with Okta and Enterprise logins to our Portal for ArcGIS 10.5.1. I followed your instructions and when I login Survey123 passes me to a browser as you said it would then when I log in, I'm receving the following error "Could not access any Portal Machines. Please contact your system Admistrator." The URL I'm taken to is https://dot.esri.com/portal/sharing/rest/oauth2/saml/signin. I've never seen this error logging into our portal from any other app. Any ideas?
We are having the same issue on a few iOS devices, not all, trying to authenticate to our Portal, and they used to work just fine, no config changes. We try your advanced, external web browser method, but that just opens the browser to a bad URL
that returns a 400 error "Invalid redirect_uri". What else can we try? We have Survey123 for iOS 2.6.9
We are working to correct this issue. In the meantime, you can set up login using an external browser. In the login dialogue, click on the gear icon, click ‘Add Portal’, enter the address of your organization, and select the ‘Use external web browser for sign in’.