ArcGIS Online Enterprise Logins using AD

01-15-2015 09:21 PM
AndrewLangdon
New Contributor II

Hi there

Configuring ADFS and AGOL for Enterprise logins (SSO) provides us with one small problem: the username that is applied to the new login is <e-mailaddress>_<siteurl>.

Is there a right way to ensure the ArcGIS Online username that is applied to the account during the initial enterprise sign-in process does not contain the user's actual e-mail address?

2 Replies
HenryTrimon
Esri Contributor

Hi Andrew,

Look at points 14 and 15 in the documentation "Configure Active Directory Federation Services—ArcGIS Online Help | ArcGIS".

NameID is the attribute that must be sent by AD FS in the SAML response to make the federation with ArcGIS work. When a user from the IDP logs in, a new user with the user name NameID_<url_key_for_org> will be created by ArcGIS Online in its user store.

Have you configured E-Mail-Addresses (LDAP Attribute) with the Name ID (Outgoing Claim Type)?

This could result in <e-mailaddress>_<siteurl>.
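An added example, not part of the original thread or of Esri's documentation: a check an administrator could run on a SAML response captured from a test login to see which NameID AD FS sends and whether the derived `NameID_<url_key_for_org>` username would contain an e-mail address. The sample response and the `myorg` URL key are constructed, and `predict_username` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed, unsigned sample; a real AD FS response also carries a
# signature, conditions and an authentication statement.
SAMPLE_TEMPLATE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="{fmt}">{name_id}</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def predict_username(saml_xml, url_key):
    """Report the NameID, its Format and the username derived from it.

    Inspection only: no signature validation is done. Use it on responses
    captured from your own test logins, not on untrusted XML.
    """
    root = ET.fromstring(saml_xml)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; NameID cannot be inspected")
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no NameID in the assertion subject")
    name_id = node.text.strip()
    fmt = node.get("Format", "")
    return {
        "name_id": name_id,
        "format": fmt,
        # Username pattern as quoted in the reply above.
        "username": f"{name_id}_{url_key}",
        "exposes_email": fmt == EMAIL_FORMAT or bool(EMAIL_RE.match(name_id)),
    }


if __name__ == "__main__":
    for fmt, value in [(EMAIL_FORMAT, "jane.doe@example.com"), (UNSPECIFIED, "jdoe")]:
        print(predict_username(SAMPLE_TEMPLATE.format(fmt=fmt, name_id=value), "myorg"))
```
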

AndrewLangdon
New Contributor II

Thanks for replying Henry,

This does appear to be the missing step. I'll update this thread when our IT has made the adjustments to AD.
