You can configure your ArcGIS Enterprise organization to register ArcGIS organizational accounts automatically for organization-specific users the first time they access the organization, or you can block automatic account registration. You must set a default role and user type for new accounts from the portal before you enable automatic account creation.
If automatic account creation is turned off, organization-specific users that are not members of your portal are treated as anonymous users. These users can still access the portal if anonymous access is allowed, and they have the same privileges as a user who does not have an ArcGIS organizational account. If you want them to have more privileges, you must add them as members to your portal.
By default, new ArcGIS Enterprise on Kubernetes organizations do not allow automatic account registration.
By default, automatic account registration is disabled in the organization. To enable automatic account registration, and administrator must define the default user type and role for new members. The workflow to enable or disable this feature is dependent on the authentication method used by the organization:
- SAML and OpenID authentication—When configuring these methods, the option can be enabled or disabled in the organization settings.
- Portal-tier and web-tier authentication—When configuring these methods, the option can be enabled or disabled using ArcGIS Enterprise Manager.
Note:
Automatically adding organization-specific accounts to your portal can result in a rapid increase of ArcGIS organizational accounts in your portal. Refer to the organization page of the portal to monitor the maximum number of members allowed in your organization. Be aware that when automatic registration is enabled, organization-specific accounts will be added as members of your organization, not only when they browse to your portal, but also when they look at embedded web maps from your portal or look at a web map or web app from a link.
Enable automatic account creation in your organization settings
To enable automatic account creation in your organization settings, follow the steps below.
- Sign into your portal as an administrator.
- Click Organization > Settings > Security.
- In the Logins section, click New SAML login or New Open ID connect login.
- If you selected New SAML login, choose your configuration and click Next.
- In Specify properties, set Your users will be able to join: to Automatically.
- If you selected New Open ID connect login, set Let new members join to Automatically.
- Click Save.
Enable automatic account creation in ArcGIS Enterprise Manager
Registration behavior is controlled in ArcGIS Enterprise Manager. You must set a default user type in the portal to enable automatic account creation.
Note:
For information on adding organization-specific accounts manually, see Add members to your portal.
- Sign in to ArcGIS Enterprise Manager as an administrator.
- Click Security > Identity Store.
- Create and save a Windows Active Directory or LDAP identity store configuration.
Note:
For information on configuring your identity store, see Use LDAP or Windows Active Directory for users and groups.
Once you have created and saved a Windows Active Directory or LDAP identity store configuration, the Enable automatic account creation toggle button becomes available.
- Choose to enable or disable automatic account creation.