[New post] Does Portal inherit AD configured membership groups and will users be added to these groups upon login to Portal with their Enterprise Login?

Tanya vT posted: " Portal for ArcGIS may be configured for Enterprise logins (eg SAML/Active Directory).   An organisation may require their Portal content to be managed based on Active Directory Group membership.  The below answers the question "Does Portal automa" Respond to this post by replying above this line New post on Esri Australia Technical Blog Does Portal inherit AD configured membership groups and will users be added to these groups upon login to Portal with their Enterprise Login? by Tanya vT Portal for ArcGIS may be configured for Enterprise logins (eg SAML/Active Directory).   An organisation may require their Portal content to be managed based on Active Directory Group membership.  The below answers the question "Does Portal automatically create groups to match Active Directory Groups and will users automatically be added to these groups when first logging in to Portal using their Enterprise Logins?" The answer is yes, we simply need to configure portal groups and bind them to  the active directory group using the below steps. Does Portal inherit Active Directory Configured Membership groups?   Portal for ArcGIS does not automatically create groups to match what is available in Active Directory.  The GIS Administrator will need to create and configure groups in Portal for ArcGIS for each of the Active Directory Groups that they want to allow membership of.   How to configure Portal to enable Enterprise Group Membership User will need to Manually create the Portal Groups then bind them to the Active Directory Group First, configure the organisation  SAML settings to enable SAML based Group Membership. This may be done via Organisations > Settings > Security >  Logins > Configure > Advanced Settings You will then have the ability to create Portal groups with the setting "Enable SAML based group membership" Here is where you will need to configure the enterprise group name.  This name may not be a recognisable name, it may be a group ID or SID.  Members will only be added to the group once they have logged in and if there is a group in the SAML assertion response which matches the enterprise group name.    Can SAML/Active Directory users be automatically added to configured Enterprise groups when signing into Portal?   Yes.  Once you have configured the Portal Groups and associated them with their respective Active Directory  groups you do not need to manage membership of those groups within Portal.  When a user logs in with  their enterprise account, the groups to which they are members in Active Directory is returned in the SAML response and ArcGIS reflects that by allowing the user membership to the matching groups you have defined.   Relevant resources Use your portal with LDAP or Active Directory and portal-tier authentication https://enterprise.arcgis.com/en/portal/latest/administer/windows/use-your-portal-with-ldap-and-portal-tier-authentication.htm Link enterprise groups from an IDP https://enterprise.arcgis.com/en/portal/latest/administer/windows/create-groups.htm#ESRI_SECTION1_5E3FFFAA1B7E443FBB1E483E070B1979 Tanya vT | October 8, 2021 at 5:12 pm | Tags: Active Directory, AD, Enterprise Groups, Enterprise Logins, Group Membership, Portal for ArcGIS, SAML | Categories: General | URL: https://wp.me/p1B3PR-2Ef Comment    See all comments    Like Unsubscribe to no longer receive posts from Esri Australia Technical Blog. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: https://esriaustraliatechblog.wordpress.com/2021/10/08/does-portal-inherit-ad-configured-membership-groups-and-will-users-be-added-to-these-groups-upon-login-to-portal-with-their-enterprise-login/ Thanks for flying with WordPress.com