AnsweredAssumed Answered

Enterprise Login - No E-Mail or GivenName in User Profile

Question asked by coffeyjr3ago on Mar 9, 2015
Latest reply on Jul 11, 2016 by lwrogers

We have set up enterprise login capability for ArcGIS Online using SAML, but the user's profile information is not being created correctly in AGOL.

The enterprise authentication and login works and will create accounts manually or automatically.

However, the GIVENNAME and EMAIL attributes in the SAML assertion are apparently ignored (maybe we have them formatted incorrectly...).

Viewing a User's profile shows the FirstName is populated with the NameID attribute, and no e-mail shows up on the user profile (even the "E-mail address" label is not there, which does show up for non-enterprise login users).

 

Any information will be appreciated.

 

Thank........j.russ

 

 

Here is the attribute portion of the SAML assertion (NameID is passed earlier in the assertion as "COFFEYJ" in this example, and comes across correctly):

 

     <saml2:AttributeStatement>

 

     <saml2:Attribute Name="FIRSTNAME">

     <saml2:AttributeValue>RUSS</saml2:AttributeValue>

     </saml2:Attribute>

 

     <saml2:Attribute Name="GIVENNAME">

     <saml2:AttributeValue>RUSS COFFEY</saml2:AttributeValue>

     </saml2:Attribute>

 

     <saml2:Attribute Name="EMAIL">

     <saml2:AttributeValue>russ.coffey@lvvwd.com</saml2:AttributeValue>

     </saml2:Attribute>

 

     <saml2:Attribute Name="LASTNAME">

     <saml2:AttributeValue>COFFEY</saml2:AttributeValue>

     </saml2:Attribute>

 

     </saml2:AttributeStatement>

 

Sample User Profile created from Enterprise Login:

Notice no place for an E-mail address:

Outcomes