Add members to your portal

If the portal has been configured to access your organization's Windows Active Directory (AD), LDAP, or SAML groups, organization-specific accounts can be added in bulk based on their Active Directory, LDAP, or SAML group membership.

You can add built-in accounts individually or in bulk using the portal.

If you're using the portal's built-in store to manage members, the member's account is added to the built-in identity store and appears in the portal. The account information is stored in the portal.

If you're using organization-specific logins or identity store to manage members, the account information is read from the organization-specific identity provider and appears as an entry in the portal. The account authentication information is not stored in the portal.

To learn more about how members are managed in the portal, see Manage access to your portal. For full instructions on how to add members to your portal, see the steps in the sections below.

Allow users to add their own accounts

Users can add their own organization-specific accounts or portal accounts.

Organization-specific accounts

If your portal is configured with an organization-specific identity store, you can configure the portal to register these accounts with it the first time the organization-specific accounts connect to it. By default, new installations of portal do not allow accounts from an organization-specific identity store to be registered to the portal automatically. For full instructions on how to configure your portal to allow this, see Automatic registration of organization-specific accounts.

Add accounts using the portal

Using the portal, you can add built-in or organization-specific accounts to the organization. Accounts can be added individually or in bulk using a comma-separated values (.csv) file. If the portal has been configured to access your organization's Active Directory, LDAP, or SAML groups, organization-specific accounts can be added from Active Directory, LDAP, or SAML groups in your organization.

Add built-in members

You can add built-in members one at a time or in bulk from a file.

Add one at a time

To add members one at a time, complete the following steps:

  1. Verify that you are signed in as an administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. On the Add Members page, under Method, select the Add built-in portal members option and click Next.
  4. Click the New member tab and provide the following information:
    • First name—The user's first name (for example, Jon).
    • Last name—The user's last name (for example, Cho).
    • Email address—An email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the administrator. The email address cannot contain an apostrophe.
    • Username—The username alias for the account. The username is populated automatically based on the default username format specified for the organization. You can modify it as desired (for example, jcho11). The username must be between 6 and 128 ASCII characters. Some areas of ArcGIS Enterprise require that you enter a case sensitive username. You must inform the user of their username.
    • User type—The user type to which the user will be assigned. Select any available user type from the drop-down list. You can click the compatible roles and compatible add-on licenses count to find out more about what is compatible with the selected user type. For more information, see User types.
    • Role—The role to which the member will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role) that is compatible with the selected user type.
    • Password—A password for the account (for example, jcho.1234). The password must be at least eight characters and have at least one number and letter. You must inform the user of their password. It's recommended that you encourage the user to change their password after signing in for the first time.
  5. Click Next to complete adding this user, or click Next, add another to add more users.
  6. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  7. On the Set member properties page, assign add-on licenses, groups, and settings to the selected members.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save.

      You only see this option if you have privileges to manage licenses.

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Contributor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Member categories section, if your organization has set up member categories and you want to assign member categories to the new members, click Assign categories. Select up to 20 categories to assign and click Save.

      You only see this option if the organization has configured member categories and you have the administrative privilege to update member information.

    4. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page.

      You only see these options if you have privileges to update members.

  8. Click Next.
  9. Review the summary page to ensure the details are correct, and select Add Members to add the new members to your organization.

The member accounts are added to the portal. The users can now sign in using the credentials you specified.

Add from a file

To add members from a file, complete the following steps:

  1. Create a plain-text .csv file that contains information for each member account.

    The first line must contain header information with these field names: Email, Role, User Type, First Name, Last Name, Username, and Password.

    Tip:

    To download a UTF-8 encoded .csv file with the required fields prepopulated in your specified language, click Download CSV template on the Add members from a file page (step 6 below).

    Subsequent lines include the actual member account information as follows:

    • First Name—The user's first name (for example, Jon).
    • Last Name—The user's last name (for example, Cho).
    • Email—An email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the administrator. The email address cannot contain an apostrophe.
    • Username—The username alias for the account. The username is populated automatically based on the default username format specified for the organization. You can modify it as desired (for example, jcho11). The username must be between 6 and 128 ASCII characters. Some areas of ArcGIS Enterprise require that you enter a case sensitive username. You must inform the user of their username.
    • Password—A password for the account (for example, jcho.1234). The password must be at least eight characters and have at least one number and letter. You must inform the user of their password. It's recommended that you encourage the user to change their password after signing in for the first time.
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
    • User Type—The user type to which the user will be assigned. This can include any user type available to your organization. For more information, see User types.

    The format for the file is as follows:

    Email,Role,User Type,First Name,Last Name,Username,Password
    jcho11@email.com,publisher,Creator,Jon,Cho,jcho11,jcho.1234
    srajhandas@email.com,viewer,Viewer,Satish,Rajhandas,srajhandas,sraj.abcd1
    

  2. Save the document as a plain-text .csv file and close it.
  3. Verify that you are signed in as an administrator of your organization.
  4. Click Organization > Members > Add Members.
  5. On the Add Members page, under Method, select the Add built-in portal members option and click Next.
  6. Click the New members from a file tab and click Browse to select the .csv file. Click Open.

    The file is checked for field errors. If errors are found, click Edit beside the listed error, fix the error, and click Save. To remove a member with invalid properties, check the box beside the member name and click Remove. Alternatively, you can fix the errors directly in your file and click Choose a different file to select the updated file.

  7. On the Compile member list page, review the list of members that will be added to the organization and remove members from the list if needed. Click Next.
  8. On the Set member properties page, assign add-on licenses, groups, and settings to the selected members.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Contributor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Member categories section, if your organization has set up member categories and you want to assign member categories to the new members, click Assign categories. Select up to 20 categories to assign and click Save.

      You only see this option if the organization has configured member categories and you have the administrative privilege to update member information.

    4. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page.

      You only see these options if you have privileges to update members.

  9. Review the summary page to ensure the details are correct, and select Add Members to add the new members to your organization.

The member accounts are added to the portal. The users can now sign in using the credentials you specified.

Add members using their organization-specific logins

You can add members directly to the organization by creating ArcGIS accounts that the member can access using an organization-specific login. This option is only available if your organization has configured SAML logins or OpenID Connect logins. You can add members one at a time or in bulk using a .csv file.

Add one at a time

To add members one at a time, complete the following steps:

  1. Verify that you are signed in as an administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. Select the Add members for organization-specific logins option and click Next.
  4. Click the New member tab and provide the following information:
    • First name—The user's first name (for example, Jon).
    • Last name—The user's last name (for example, Cho).
    • Email address—Email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the administrator. The email address cannot contain an apostrophe.
    • Identity type—If your organization has both SAML and OpenID Connect configured, select the Identity type option you want to use.
    • User identifier—The user identifier for the account. The user identifier must match the corresponding value in the SAML or OpenID Connect identity provider (IdP). If it doesn't match, the ArcGIS account will be created but cannot be used. Verify that the SAML or OpenID Connect user identifier is correct before proceeding.
      Note:

      For SAML logins, the user identifier must match the value returned by the SAML IdP in the NameID attribute of the SAML assertion response. In the following example, the user identifier value in the SAML assertion response is John.Smith.23511.

      <samlp:Response>
          ...
          ...
      	      <Assertion>
      	          ...
      	          ...
      		            <Subject>
      			                   <NameID>John.Smith.23511</NameID>
      		            </Subject>
      	          ...
      	          ...
      	      </Assertion>
      </samlp:Response>
      

      To view the SAML assertion response, you must use a SAML tracer extension in your web browser.

      For OpenID Connect logins, if you did not specify a custom value for the optional User identifier claim when configuring the login, the user identifier value must match the value of the subject identifier (sub) attribute sent in the ID token from the OpenID Connect provider (for example, the Google ID Token from Google) to ArcGIS. The subject identifier uniquely identifies each user. For example, the sub value may be 10769150350006150715113082367 for Google user jsmith or auth0|123456 for Auth0 user Jane Doe.

      In the following sample Microsoft Identity OpenID Connect ID token, the custom oid attribute is configured as the User identifier claim value and the user identifier value for the user Abe Lincoln is 05833b6b-aa1d-42d4-9ec0-1b2bb9194438.

      {
        "typ": "JWT",
        "alg": "RS256",
        "x5t": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw",
        "kid": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw"
      }.{
        "aud": "b14a7505-96e9-4927-91e8-0601d0fc9caa",
        "iss": "https://sts.windows.net/fa15d692-e9c7-4460-a743-29f2956fd429/",
        "iat": 1536275124,
        "nbf": 1536275124,
        "exp": 1536279024,
        "aio": "AXQAi/8IAAAAqxsuB+R4D2rFQqOETO4YdXbLD9kZ8xfXadeAM0Q2NkNT5izfg3uwbWSXhuSSj6UT5hy2D6WqApB5jKA6ZgZ9k/SU27uV9cetXfLOtpNttgk5DcBtk+LLstz/Jg+gYRmv9bUU4XlphTc6C86Jmj1FCw==",
        "amr": [
          "rsa"
        ],
        "email": "abeli@microsoft.com",
        "family_name": "Lincoln",
        "given_name": "Abe",
        "idp": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
        "ipaddr": "131.107.222.22",
        "name": "abeli",
        "nonce": "123523",
        "oid": "05833b6b-aa1d-42d4-9ec0-1b2bb9194438",
        "rh": "I",
        "sub": "5_J9rSss8-jvt_Icu6ueRNL8xXb8LF4Fsg_KooC2RJQ",
        "tid": "fa15d692-e9c7-4460-a743-29f2956fd429",
        "unique_name": "AbeLi@microsoft.com",
        "uti": "Lxe_46GqTkOpGSfTln4EAA",
        "ver": "1.0"
      }.[Signature]
      
    • ArcGIS username—This option is only available if you specified a custom value for the optional ArcGIS username claim value when configuring the OpenID Connect login. The ArcGIS username must match the value of the corresponding attribute sent in the ID token from the OpenID Connect provider.
      Note:

      In the following sample Microsoft Identity OpenID Connect ID token, the custom unique_name attribute is specified for the ArcGIS username claim value and the ArcGIS username value is AbeLi@microsoft.com.

      {
        "typ": "JWT",
        "alg": "RS256",
        "x5t": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw",
        "kid": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw"
      }.{
        "aud": "b14a7505-96e9-4927-91e8-0601d0fc9caa",
        "iss": "https://sts.windows.net/fa15d692-e9c7-4460-a743-29f2956fd429/",
        "iat": 1536275124,
        "nbf": 1536275124,
        "exp": 1536279024,
        "aio": "AXQAi/8IAAAAqxsuB+R4D2rFQqOETO4YdXbLD9kZ8xfXadeAM0Q2NkNT5izfg3uwbWSXhuSSj6UT5hy2D6WqApB5jKA6ZgZ9k/SU27uV9cetXfLOtpNttgk5DcBtk+LLstz/Jg+gYRmv9bUU4XlphTc6C86Jmj1FCw==",
        "amr": [
          "rsa"
        ],
        "email": "abeli@microsoft.com",
        "family_name": "Lincoln",
        "given_name": "Abe",
        "idp": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
        "ipaddr": "131.107.222.22",
        "name": "abeli",
        "nonce": "123523",
        "oid": "05833b6b-aa1d-42d4-9ec0-1b2bb9194438",
        "rh": "I",
        "sub": "5_J9rSss8-jvt_Icu6ueRNL8xXb8LF4Fsg_KooC2RJQ",
        "tid": "fa15d692-e9c7-4460-a743-29f2956fd429",
        "unique_name": "AbeLi@microsoft.com",
        "uti": "Lxe_46GqTkOpGSfTln4EAA",
        "ver": "1.0"
      }.[Signature]
      
    • User type—The user type to which the user will be assigned. Select any available user type from the drop-down list. You can click the compatible roles and compatible add-on licenses count to find out more about what is compatible with the selected user type. For more information, see User types.
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
  5. Click Next to complete adding this user, or click Next, add another to add more users.
  6. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  7. On the Set member properties page, assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Contributor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Member categories section, if your organization has set up member categories and you want to assign member categories to the new members, click Assign categories. Select up to 20 categories to assign and click Save.

      You only see this option if the organization has configured member categories and you have the administrative privilege to update member information.

    4. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page.

      You only see these options if you have privileges to update members.

  8. Review the summary page to ensure the details are correct, and select Add Members to add the new members to your organization.

The member accounts are added to the organization. The user can now sign in to the portal.

Add from a file

To add members from a file, complete the following steps:

  1. Create a plain-text .csv file that contains information for each member account.

    The first line must contain header information with these field names: Email, Role, User Type, First Name, Last Name, Username, and Identity Type.

    Tip:

    To download a UTF-8 encoded .csv file with the required fields prepopulated in your specified language, click Download CSV template on the Add members from a file page (step 6 below).

    Subsequent lines include the actual member account information as follows:

    • First Name—The user's first name (for example, Jon).
    • Last Name—The user's last name (for example, Cho).
    • Email—An email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the administrator. The email address cannot contain an apostrophe.
    • Identity type—This information is only required if your organization has both SAML and OpenID Connect configured.
    • User identifier—The user identifier for the account. The user identifier must match the corresponding value in the SAML or OpenID Connect identity provider (IdP). If it doesn't match, the ArcGIS account will be created but cannot be used. Verify that the SAML or OpenID Connect user identifier is correct before proceeding.
      Note:

      For SAML logins, the user identifier must match the value returned by the SAML IdP in the NameID attribute of the SAML assertion response. In the following example, the user identifier value in the SAML assertion response is John.Smith.23511.

      <samlp:Response>
          ...
          ...
      	      <Assertion>
      	          ...
      	          ...
      		            <Subject>
      			                   <NameID>John.Smith.23511</NameID>
      		            </Subject>
      	          ...
      	          ...
      	      </Assertion>
      </samlp:Response>
      

      To view the SAML assertion response, you must use a SAML tracer extension in your web browser.

      For OpenID Connect logins, if you did not specify a custom value for the optional User identifier claim value when configuring the login, the user identifier value must match the value of the subject identifier (sub) attribute sent in the ID token from the OpenID Connect provider (for example, the Google ID Token from Google) to ArcGIS. The subject identifier uniquely identifies each user. For example, the sub value may be 10769150350006150715113082367 for Google user jsmith or auth0|123456 for Auth0 user Jane Doe.

      In the following sample Microsoft Identity OpenID Connect ID token, the custom oid attribute is configured as the User identifier claim value and the user identifier value for the user Abe Lincoln is 05833b6b-aa1d-42d4-9ec0-1b2bb9194438.

      {
        "typ": "JWT",
        "alg": "RS256",
        "x5t": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw",
        "kid": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw"
      }.{
        "aud": "b14a7505-96e9-4927-91e8-0601d0fc9caa",
        "iss": "https://sts.windows.net/fa15d692-e9c7-4460-a743-29f2956fd429/",
        "iat": 1536275124,
        "nbf": 1536275124,
        "exp": 1536279024,
        "aio": "AXQAi/8IAAAAqxsuB+R4D2rFQqOETO4YdXbLD9kZ8xfXadeAM0Q2NkNT5izfg3uwbWSXhuSSj6UT5hy2D6WqApB5jKA6ZgZ9k/SU27uV9cetXfLOtpNttgk5DcBtk+LLstz/Jg+gYRmv9bUU4XlphTc6C86Jmj1FCw==",
        "amr": [
          "rsa"
        ],
        "email": "abeli@microsoft.com",
        "family_name": "Lincoln",
        "given_name": "Abe",
        "idp": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
        "ipaddr": "131.107.222.22",
        "name": "abeli",
        "nonce": "123523",
        "oid": "05833b6b-aa1d-42d4-9ec0-1b2bb9194438",
        "rh": "I",
        "sub": "5_J9rSss8-jvt_Icu6ueRNL8xXb8LF4Fsg_KooC2RJQ",
        "tid": "fa15d692-e9c7-4460-a743-29f2956fd429",
        "unique_name": "AbeLi@microsoft.com",
        "uti": "Lxe_46GqTkOpGSfTln4EAA",
        "ver": "1.0"
      }.[Signature]
      
    • ArcGIS username—This information is only required if you specified a custom value for the optional ArcGIS username claim value when configuring the OpenID Connect login. The ArcGIS username must match the value of the corresponding attribute sent in the ID token from the OpenID Connect provider.
      Note:

      In the following sample Microsoft Identity OpenID Connect ID token, the custom unique_name attribute is specified for the ArcGIS username claim value and the ArcGIS username value is AbeLi@microsoft.com.

      {
        "typ": "JWT",
        "alg": "RS256",
        "x5t": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw",
        "kid": "7_Zuf1tvkwLxYaHS3q6lUjUYIGw"
      }.{
        "aud": "b14a7505-96e9-4927-91e8-0601d0fc9caa",
        "iss": "https://sts.windows.net/fa15d692-e9c7-4460-a743-29f2956fd429/",
        "iat": 1536275124,
        "nbf": 1536275124,
        "exp": 1536279024,
        "aio": "AXQAi/8IAAAAqxsuB+R4D2rFQqOETO4YdXbLD9kZ8xfXadeAM0Q2NkNT5izfg3uwbWSXhuSSj6UT5hy2D6WqApB5jKA6ZgZ9k/SU27uV9cetXfLOtpNttgk5DcBtk+LLstz/Jg+gYRmv9bUU4XlphTc6C86Jmj1FCw==",
        "amr": [
          "rsa"
        ],
        "email": "abeli@microsoft.com",
        "family_name": "Lincoln",
        "given_name": "Abe",
        "idp": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
        "ipaddr": "131.107.222.22",
        "name": "abeli",
        "nonce": "123523",
        "oid": "05833b6b-aa1d-42d4-9ec0-1b2bb9194438",
        "rh": "I",
        "sub": "5_J9rSss8-jvt_Icu6ueRNL8xXb8LF4Fsg_KooC2RJQ",
        "tid": "fa15d692-e9c7-4460-a743-29f2956fd429",
        "unique_name": "AbeLi@microsoft.com",
        "uti": "Lxe_46GqTkOpGSfTln4EAA",
        "ver": "1.0"
      }.[Signature]
      
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
    • User Type—The user type to which the user will be assigned. This can include any user type available to your organization. For more information, see User types.

    If your organization has both SAML and OpenID Connect configured, the format for the file is as follows:

    Email,Role,User Type,First Name,Last Name,User identifier,Identity Type
    jcho@email.com,publisher,Professional Plus,Jon,Cho,jcho11,SAML
    srajhandas@email.com,viewer,Viewer,Satish,Rajhandas,srajhandas,SAML
    

    If your organization has only SAML or OpenID Connect configured, the format for the file is as follows:

    Email,Role,User Type,First Name,Last Name,User identifier
    jcho@email.com,publisher,Professional Plus,Jon,Cho,jcho11
    srajhandas@email.com,viewer,Viewer,Satish,Rajhandas,srajhandas
    

    If your organization has only OpenID Connect configured with custom ArcGIS username, the format for the file is as follows:

    Email,Role,User Type,First Name,Last Name,User identifier,ArcGIS username
    jcho@email.com,publisher,Professional Plus,Jon,Cho,jcho11,JCho@email.com 
    srajhandas@email.com,viewer,Viewer,Satish,Rajhandas,srajhandas,SRajhandas@email.com
    

  2. Save the document as a plain-text .csv file and close it.
  3. Verify that you are signed in as an administrator of your organization.
  4. Click Organization > Members > Add Members.
  5. Select the Add members for organization-specific logins option and click Next.
  6. Click the New members from a file tab and click Browse to select the .csv file. Click Open.

    The file is checked for field errors. If errors are found, click Edit beside the listed error, fix the error, and click Save. To remove a member with invalid properties, check the box beside the member name and click Remove. Alternatively, you can fix the errors directly in your file and click Choose a different file to select the updated file.

  7. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  8. On the Set member properties page, assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save.

      You only see this option if you have privileges to manage licenses.

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Contributor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Member categories section, if your organization has set up member categories and you want to assign member categories to the new members, click Assign categories. Select up to 20 categories to assign and click Save.

      You only see this option if the organization has configured member categories and you have the administrative privilege to update member information.

    4. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page.

      You only see these options if you have privileges to update members.

  9. Review the summary page to ensure the details are correct, and select Add Members to add the new members to your organization.

The member accounts are added to the organization. The users can now sign in to the portal.

Add members from AD or LDAP identity providers

If your portal has been configured with an organization-specific identity provider based on Active Directory (AD) or Lightweight Directory Access Protocol (LDAP), organization-specific accounts can be added individually, in bulk, or from AD or LDAP groups managed by the identity provider.

Note:

Accounts must include an email address to be added to the portal. Any special characters in account names will be changed to an underscore (_), except the at sign (@), point (.), or dash (-).

Add one at a time

To add members one at a time, complete the following steps:

  1. Verify that you are signed in as an administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. On the Add members page, select the Add members based on existing Active Directory or LDAP users option and click Next.
  4. Click the New member tab and provide the following information:
    • Username—The username alias for the account. The username must match the existing Active Directory or LDAP user and format defined in the identity provider (for example, jcho11). Click the magnifying glass to search for and select the desired username.
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
    • User Type—The user type to which the user will be assigned. Select any available user type from the drop-down list. You can click the compatible roles and compatible add-on licenses count to find out more about what is compatible with the selected user type. For more information, see User types.
  5. Click Next to complete adding this user, or Next, add another to add more users.
  6. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  7. On the Set member properties page, you can assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Contributor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Member categories section, if your organization has set up member categories and you want to assign member categories to the new members, click Assign categories. Select up to 20 categories to assign and click Save.

      You only see this option if the organization has configured member categories and you have the administrative privilege to update member information.

    4. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page.

      You only see these options if you have privileges to update members.

  8. Verify that the member account information is correct and click Add Members.

The member account is added to the organization. The user can now sign in to the portal.

Add from a file

To add members from a file, complete the following steps:

  1. Create a plain-text .csv file that contains information for each member account.

    The first line must contain header information with these field names: Username, Role, and User Type.

    Tip:

    To download a UTF-8 encoded .csv file with the required fields prepopulated in your specified language, click Download CSV template on the Add members from a file page (step 6 below).

    Subsequent lines include the actual member account information as follows:

    • Username—The username alias for the account. The username must match the existing Active Directory or LDAP user and format defined in the organization-specific identity provider (for example, jcho11).
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
    • User Type—The user type to which the user will be assigned. This can include any user type available to your organization. For more information, see User types.

    The format for the file is as follows:

    Username,Role,User Type
    jcho11,publisher,Contributor 
    srajhandas,viewer,Viewer
    

  2. Save the document as a plain-text .csv file and close it.
  3. Verify that you are signed in as an administrator of your organization.
  4. Click Organization > Members > Add Members.
  5. Select the Add members based on existing Active Directory or LDAP users option and click Next.
  6. Click the New members from a file tab and click Browse to select the .csv file. Click Open.

    The file is checked for field errors. If errors are found, click Edit beside the listed error, fix the error, and click Save. To remove a member with invalid properties, check the box beside the member name and click Remove. Alternatively, you can fix the errors directly in your file and click Choose a different file to select the updated file.

  7. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  8. On the Set member properties page, assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Contributor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Member categories section, if your organization has set up member categories and you want to assign member categories to the new members, click Assign categories. Select up to 20 categories to assign and click Save.

      You only see this option if the organization has configured member categories and you have the administrative privilege to update member information.

    4. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page.

      You only see these options if you have privileges to update members.

  9. Review the summary page to ensure the details are correct, and select Add Members to add the new members to your organization.

The member accounts are added to the organization. The users can now sign in to the portal.

Add from a group

If your portal has been configured with AD or LDAP-based groups, you can add accounts from the AD or LDAP groups you've connected to your portal. See Create groups for more information.

  1. Verify that you are signed in as an administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. Select the Add members based on existing Active Directory or LDAP users option and click Next.
  4. Click the From a group tab and provide the following information:
    • Active Directory or LDAP Group—The Active Directory or LDAP group name. Click the magnifying glass to search for and select the desired Active Directory or LDAP group.
    • Role—The role to which the selected accounts will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
    • User Type—The user type to which the member will be assigned. For more information, see User types.
  5. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  6. On the Set member properties page, assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Contributor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Member categories section, if your organization has set up member categories and you want to assign member categories to the new members, click Assign categories. Select up to 20 categories to assign and click Save.

      You only see this option if the organization has configured member categories and you have the administrative privilege to update member information.

    4. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page.

      You only see these options if you have privileges to update members.

  7. If your group is from an LDAP server, members of nested groups are not added to the portal.

  8. Review the summary page to ensure the details are correct, and select Add Members to add the new members to your organization.

The member accounts are added to the organization. The users can now sign in to the portal.