SAML-based enterprise groups in Portal not working?

Question asked by szelonis_mcpd on Sep 6, 2018
I've had a ticket with Esri for the past few months trying to figure this out, but wanted to throw it out to the community to see if anyone else is having the same problem.


I have Portal 10.6.1 and am trying to create Portal groups that are tied to enterprise SAML-based groups. I've followed all instructions here Create groups—Portal for ArcGIS (10.6) | ArcGIS Enterprise under the SAML-based IDP section, but still can't get it to work. 


Here's what happens:  I create a group in my Portal (e.g. "Test Group") and set it to only be able to be joined by Members of an Enterprise Group. I type the name exactly of my SAML-based enterprise group (e.g. "SAML_Test_Group") to link to "Test Group". My enterprise username is a member of "SAML_Test_Group", so in theory I should be able to log into the Portal, see the "Test Group", and be able to share content into it. Here's where the problem is. I can see the "Test Group", but I cannot share any content into it. I've tried adjusting every group setting possible, and also have had many other people try a similar workflow. On the SAML side of things, our IT group sees the SAML assertions when I access the group, so I think everything is working properly on that side of things. I think it's in the Portal where something is going wrong. 


I've been going back and forth with Esri tech support unsuccessfully for a few months. I was wondering if anyone else is having the same issue? Or is it working for you? I've searched GeoNet and can't find anything related.