I was having issues with my federated portal/server setup and the ESRI tech informed me the username that manages the service has to be a part of the domain the other users are a part of. In my case the ArcGIS user was installed as a local user. From what I gather I need to create a service account that does not expire. The issue I seem to have is that our domain server is a Windows 2003 box... and service accounts were introduced in 2008, but I see it's possible in 2003? Has anyone done this? The server this is on obviously has Active Directory and a lot of other important things on it for the company, so I am somewhat apprehensive about this but can be persuaded with success stories. I pretty much have everything set up at this point so this is obviously the route I'd prefer going.
With a SAML setup, everyone on the domain would basically be able to log in to ArcGIS Online with their domain login, e.g. <domain>\<user> (everyone in the office correct ~30 people)? Do I understand this correctly? If I have to go this route and I download a Web AppBuilder app created with ArcGIS Online to host on my server locally, I assume that if I've shared the app/webmap with my "Organization" it will still prompt for credentials when they try to access the downloaded web app I host on my server?