SAML/ADFS authentication and AD group management

Jan 10, 2017
Jul 26, 2018

We are configuring Portal for ArcGIS 10.4.1 and we leaning towards SAML and ADFS as our authentication solution. One question has come up as we work through testing: Can we use AD groups to manage Portal groups as part of this solution? For example, we want to create groups in Portal and instead of adding individuals to those groups we instead want to add an AD group using the From an Enterprise Group at the bottom of the group creation page:

A few other factors need to be true for this to be a viable solution for us:

  • must work on mobile devices (iOS and Android)
  • must work in Windows (browser, ArcMap, and ArcGIS Pro)
  • group membership must be updated regularly by checking with the AD group membership (I believe I read somewhere that it defaults to daily and also each time the user logs in)


Is anyone using this combination of solutions today? Has anyone tried is and run into issues? Any advice would be great!