For a while we have recommended that the best approach for managing an ArcGIS Online or ArcGIS Enterprise portals is to enable enterprise logins, commonly referred to as Single Sign On (SSO). The information below may be useful for those who are not familiar, or have not implemented it, yet.
SSO enables a user to use the same set of credentials for signing in to multiple applications. This means that faculty and students can use the same credentials coming from their institution’s enterprise identity store to login to ArcGIS Online or ArcGIS Enterprise.
What happens in the background? An ArcGIS Account still gets created for identity purposes that is linked to your enterprise credentials. This is not visible to the user.
SSO can be setup for both ArcGIS Online as well as ArcGIS Enterprise, both referred to as “portal”, and can be setup for multiple portals.
What will be alleviated with SSO
Ease of access – one set of credentials will be used.
User management – this is HUGE for academia. Enabling SSO means that no additional account logins need to be created for ArcGIS Online or ArcGIS Enterprise. We don’t have to add students to the portal manually (or via script), and share credentials with them.
This could solve various inefficiencies associated with creating and managing multiple accounts, which takes time and thus is an incurred cost.
Students have one account only, if one portal is used, which makes it easy to save projects and build their geosopatial portfolio. Without SSO, some institutions create different student accounts for different courses, which means that workflows would need to be in place to transfer student content.
When a student is no longer attending the university, and have been removed from the institution's identity store, access can be prevented. They will no longer be able to login to the ArcGIS Online or ArcGIS Enterprise portal. As an administrator, it would be easy to find disabled accounts, determine what would be done with their content, then remove the student account from the portal.
What you would still need to do (i.e. what problems it does not solve)
Manage groups – a group for a course or project would still need to be created, and users added to it. SAML-based group membership functionality is now available.