We have a Portal for ArcGIS multi-machine installation configured with Data Store and federated AGS, all at 10.5. Portal is secured using WIA and SAML and the Identity Provider is configured to domain “A\”. This is currently working fine but we now have a situation that requires permissioning Portal content to a second domain “B\”. As we can only have one Identity Store defined in Portal, I’ve been considering how we permission resources to two identity providers at the same time. This is complicated by the fact that the trust relationship between the two domains is one way (B\ to A\ only and not A\ to B\). The plan would be to switch the existing Identity Provider to B\ and to then permission content using B\ domain groups that contain A\ and B\ members. I’ve yet to test this but, even if it works, it means changing the Identity Provider on our production Portal site, which I can’t say I’m too excited about. Alternatively, I could add a second portal and keep the domains separate, or investigate the AddUsers utility, but this currently only adds users, not domain groups.
Hopefully that makes sense, apologies if it doesn’t, but I wondered if anyone might be able to shed some light on approaches taken when authenticating Portal using multiple Identity Providers.
Thanks for reading this anyway; any help would be much appreciated!