update to SAML user user principal name impact on existing user

80
4
Jump to solution
Thursday
vtey_esriau
New Contributor II

Hi Enterprise guru (tagging @ReeseFacendini )

currently we have SAML idpUsername "xxxx@example.com.au" and we are changing, moving to  "xxxx@example.com" (no .au) .  Will there be any implication to existing users? Will portal have any issues mapping the new idpUsername to existing one if we were to use https://developers.arcgis.com/rest/enterprise-administration/portal/update-enterprise-user.htm and update the idpUsername. The process would be

- Freeze and bring down enterprise

- Update SAML user UPN

- Run python script to update idpUsername using updateEnterpriseUser api

Restart 

Any advise?

1 Solution

Accepted Solutions
ChristopherPawlyszyn
Esri Contributor

As long as the idpUsername matches what the SAML response has listed for Name ID in the subject there shouldn't be any affect on existing users.

 

The caveat here is that the usernames in your organization will remain using the 'example.com.au' suffix. If you want to align that with the new idpUsernames you'd need to perform a migration to the new users including group membership and content from the existing users. If the vanity username in the organization isn't important to update, you can just use the Portal Admin API you listed above.

View solution in original post

4 Replies
ChristopherPawlyszyn
Esri Contributor

As long as the idpUsername matches what the SAML response has listed for Name ID in the subject there shouldn't be any affect on existing users.

 

The caveat here is that the usernames in your organization will remain using the 'example.com.au' suffix. If you want to align that with the new idpUsernames you'd need to perform a migration to the new users including group membership and content from the existing users. If the vanity username in the organization isn't important to update, you can just use the Portal Admin API you listed above.

John_Spence
Occasional Contributor III

Is there an equivalent tool for ArcGIS Online?

0 Kudos
ChristopherPawlyszyn
Esri Contributor

Due to the nature of username uniqueness across all ArcGIS Online organizations the same tool isn't available within the SaaS platform.

0 Kudos
John_Spence
Occasional Contributor III

Dang! Totally understand, but makes it tougher when a user changes their last name, etc. Appreciate the response.

0 Kudos