Hi there
Configuring ADFS and AGOL for Enterprise logins (SSO) provides us with one small problem, the username that is applied to the new login is <e-mailaddress>_<siteurl>
Is there a right way to ensure the ArcGIS Online username that is applied to the account during the initial enterprise signin process does not contain the users actual e-mail address.
Hi Andrew,
Look at point 14 and 15 in the documentation Configure Active Directory Federation Services—ArcGIS Online Help | ArcGIS
NameID is the attribute that must be sent by AD FS in the SAML response to make the federation with ArcGIS work. When a user from the IDP logs in, a new user with the user name NameID_<url_key_for_org> will be created by ArcGIS Online in its user store.
Have you configured E-Mail-Addresses (LDAP Attribute) with the Name ID (Outgoing Claim Type)?
This could result in <e-mailaddress>_<siteurl>
Thanks for replying Henry,
This does appear to be the missing step. I'll update this thread when our IT has made the adjustments to AD.