Skip To Content

Add members to your portal

You can allow users to add their own accounts using the portal. You can also add built-in accounts individually or in bulk using the portal. A command line utility is also available for you to add built-in or SAML-based accounts in bulk.

If the portal has been configured to access your organization's Active Directory, LDAP, or SAML groups, organization-specific accounts can be added in bulk based on their Active Directory, LDAP, or SAML group membership.

If you're using the portal's built-in store to manage members, the member's account is added to the built-in identity store and appears in the portal. The account information is stored in the portal.

If you're using organization-specific logins or identity store to manage members, the account information is read from the organization-specific identity provider and appears as an entry in the portal. The account authentication information is not stored in the portal.

To learn more about how members are managed in the portal, see Managing access to your portal. For full instructions on how to add members to your portal, see the steps in the sections below.

Allow users to add their own accounts

Organization-specific accounts

If your portal is configured with an organization-specific identity store, you can configure the portal to register these accounts with it the first time the organization-specific accounts connect to it. By default, new installations of portal do not allow accounts from an organization-specific identity store to be registered to the portal automatically. For full instructions on how to configure your portal to allow this, see Automatic registration of organization-specific accounts.

Built-in portal accounts

By default, the portal does not allow users to create built-in accounts using the Sign In page. If your portal uses built-in accounts, you can allow users to add their own accounts by doing the following:

  1. Verify that you are signed in as an administrator of your organization.
  2. Choose a default user type and role to be assigned to new members.
  3. Click Organization > Settings > Security.
  4. Check the box next to Allow users to create new built-in accounts.
    Note:

    A warning indicates that your portal will restart automatically upon clicking Save.

  5. Click Save.
    Note:

    Your portal restarts, which may take a couple of minutes. Once the restart is complete, the page reloads.

Once the steps above are complete, you can send the portal URL to the people in your organization who need to use the portal. These people can paste the URL in a web browser and create their own account by doing the following:

  1. From the portal home page, click Sign In. You'll also see this page if you attempt to save a map without signing in.
  2. Click Create an account.
  3. Provide your first name, last name, desired user name, password, and email address.

    User names cannot have more than 128 characters or fewer than 6 characters. They can only contain alphanumeric ASCII characters or underscores. Some areas of ArcGIS Enterprise require that you enter a case sensitive user name.

  4. Choose an identity question and type an answer to the question.
  5. Click Create My Account.

An account is added to the portal's identity store, and the user is signed in to the portal.

Add accounts using the portal

Using the portal, you can add built-in or organization-specific accounts to the organization. Accounts can be added individually or in bulk using a comma-separated values (CSV) file.

Note:

If you are adding more than 1,000 users at once, use the CreateUsers command line utility to do so.

If the portal has been configured to access your organization's Active Directory, LDAP, or SAML groups, organization-specific accounts can be added from Active Directory, LDAP, or SAML groups in your organization.

Add built-in members

You can add built-in members one at a time or in bulk from a file.

One at a time

  1. Verify that you are signed in as an Administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. On the Add Members page, under Method, select the Add built-in portal members option and click Next.
  4. Click the New member tab and provide the following information:
    • First name—The user's first name (for example, Jon).
    • Last name—The user's last name (for example, Cho).
    • Email address—An email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the Administrator.
    • Username—The user name alias for the account. The user name is populated automatically based on the email address. You can modify it as desired (for example, jcho11). The user name must be between 6 and 128 ASCII characters. Some areas of ArcGIS Enterprise require that you enter a case sensitive user name. You must inform the user of their user name.
    • User type—The user type to which the user will be assigned. Select any available user type from the drop-down list. You can click the compatible roles and compatible add-on licenses count to find out more about what is compatible with the selected user type. For more information, see User types, roles, and privileges.
    • Role—The role to which the member will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role) that is compatible with the selected user type.
    • Password—A password for the account (for example, jcho.1234). The password must be at least eight characters and have at least one number and letter. You must inform the user of their password. It's recommended that you encourage the user to change their password after signing in for the first time.
  5. Click Next to complete adding this user, or Next, add another to add more users.
  6. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  7. On the Set member properties page, you can assign add-on licenses, groups, and settings to the selected members.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Editor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page. (You only see these options if you have privileges to update members.)
  8. Click Next.
  9. Review the summary page to ensure the details are correct, then select Add Members to add the new members to your organization.

The member accounts are added to the portal. The users can now sign in using the credentials you specified.

From a file

  1. Create a plain-text CSV file that contains information for each member account. The first line must contain header information with these field names: Email, Role, User Type, First Name, Last Name, Username, and Password. Subsequent lines include the actual member account information as follows:
    Tip:

    To download a UTF-8 encoded CSV file with the required fields prepopulated in your specified language, click Download CSV template on the Add members from a file page (step 6 below).

    • First Name—The user's first name (for example, Jon).
    • Last Name—The user's last name (for example, Cho).
    • Email—An email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the Administrator.
    • Username—The user name alias for the account. The user name is populated automatically based on the email address. You can modify it as desired (for example, jcho11). The user name must be between 6 and 128 ASCII characters. Some areas of ArcGIS Enterprise require that you enter a case sensitive user name. You must inform the user of their user name.
    • Password—A password for the account (for example, jcho.1234). The password must be at least eight characters and have at least one number and letter. You must inform the user of their password. It's recommended that you encourage the user to change their password after signing in for the first time.
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
      Legacy:

      In earlier versions of the portal, you could only assign the member to a user, publisher, or custom role that did not contain administrative privileges. You could not assign a member to the administrator role. You could assign them to the role after creating the account. Beginning at 10.3.1, you can assign a member to a role with administrative privileges.

    • User Type—The user type to which the user will be assigned. This can include any user type available to your organization. For more information, see User types, roles, and privileges.

    The format for the file is as follows:

    Email,Role,User Type,First Name,Last Name,Username,Password
    jcho11@email.com,publisher,Creator,Jon,Cho,jcho11,jcho.1234
    srajhandas@email.com,viewer,Viewer,Satish,Rajhandas,srajhandas,sraj.abcd1

  2. Save the document as a plain-text CSV file and close it.
  3. Verify that you are signed in as an Administrator of your organization.
  4. Click Organization > Members > Add Members.
  5. On the Add Members page, under Method, select the Add built-in portal members option and click Next.
  6. Click the New members from a file tab and click Browse to select the CSV file. Click Open.
  7. Verify that each of the required fields have a check mark next to them, and click Next.
  8. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  9. On the Set member properties page, you can assign add-on licenses, groups, and settings to the selected members.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Editor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page. (You only see these options if you have privileges to update members.)
  10. Review the summary page to ensure the details are correct, then select Add Members to add the new members to your organization.

The member accounts are added to the portal. The users can now sign in using the credentials you specified.

Add members using their organization-specific logins

You can add members directly to the organization by creating ArcGIS accounts that the member can access using an organization-specific login. This option is only available if your organization has configured SAML logins or OpenID Connect logins. You can add members one at a time or in bulk using a CSV file.

One at a time

  1. Verify that you are signed in as an administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. Select the Add members for organization-specific logins option and click Next.
  4. Click the New member tab and provide the following information:
    • First name—The user's first name (for example, Jon).
    • Last name—The user's last name (for example, Cho).
    • Email address—Email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the Administrator.
    • Identity type—If your organization has both SAML and OpenID Connect configured, select the Identity type option you want to use.
    • Username—The user name for the account. The user name must match the existing SAML or OpenID Connect ID. If it doesn't match, the account will be created but cannot be used. Verify that the SAML or OpenID Connect ID is correct before proceeding.
      Note:

      For SAML logins, the ID value must match the value configured by the identity provider (IDP) for the NameID attribute. For OpenID Connect logins, the ID value must match the unique identifier assigned to each user by the OpenID Connect provider (for example, Google).

    • User type—The user type to which the user will be assigned. Select any available user type from the drop-down list. You can click the compatible roles and compatible add-on licenses count to find out more about what is compatible with the selected user type. For more information, see User types, roles, and privileges.
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
      Legacy:

      In earlier versions of the portal, you could only assign the member to a user, publisher, or custom role without administrative privileges. You could not assign a member to the administrator role. You could assign them to the role after creating the account. Beginning at 10.3.1, you can assign a member to a role with administrative privileges.

  5. Click Next to complete adding this user, or Next, add another to add more users.
  6. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  7. On the Set member properties page, you can assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Editor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page. (You only see these options if you have privileges to update members.)
  8. Review the summary page to ensure the details are correct, then select Add Members to add the new members to your organization.

The member accounts are added to the organization. The user can now sign in to the portal.

From a file

  1. Create a plain-text CSV file that contains information for each member account. The first line must contain header information with these field names: Email, Role, User Type, First Name, Last Name, Username, and Identity Type. Subsequent lines include the actual member account information as follows:
    Tip:

    To download a UTF-8 encoded CSV file with the required fields prepopulated in your specified language, click Download CSV template on the Add members from a file page (step 6 below).

    • First Name—The user's first name (for example, Jon).
    • Last Name—The user's last name (for example, Cho).
    • Email—An email address for the user, for example, jcho@email.com. If an email address is not available, use the email address of the Administrator.
    • Username—The user name for the account. The user name must match the existing SAML or OpenID Connect ID. If it doesn't match, the account will be created but cannot be used. Verify that the SAML or OpenID Connect ID is correct before proceeding.
      Note:

      For SAML logins, the ID value must match the value configured by the identity provider (IDP) for the NameID attribute. For OpenID Connect logins, the ID value must match the unique identifier assigned to each user by the OpenID Connect provider (for example, Google).

    • Identity type—This information is only required if your organization has both SAML and OpenID Connect configured.
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
      Legacy:

      In earlier versions of the portal, you could only assign the member to a user, publisher, or custom role without administrative privileges. You could not assign a member to the administrator role. You could assign them to the role after creating the account. Beginning at 10.3.1, you can assign a member to a role with administrative privileges.

    • User Type—The user type to which the user will be assigned. This can include any user type available to your organization. For more information, see User types, roles, and privileges.

    If your organization has both SAML and OpenID Connect configured, the format for the file is as follows:

    Email,Role,User Type,First Name,Last Name,Username,Identity Type
    jcho@email.com,publisher,GIS Professional Advanced,Jon,Cho,jcho11,SAML
    srajhandas@email.com,viewer,Viewer,Satish,Rajhandas,srajhandas,SAML

    If your organization has only SAML or OpenID Connect configured, the format for the file is as follows:

    Email,Role,User Type,First Name,Last Name,Username
    jcho@email.com,publisher,GIS Professional Advanced,Jon,Cho,jcho11
    srajhandas@email.com,viewer,Viewer,Satish,Rajhandas,srajhandas

  2. Save the document as a plain-text CSV file and close it.
  3. Verify that you are signed in as an Administrator of your organization.
  4. Click Organization > Members > Add Members.
  5. Select the Add members for organization-specific logins option and click Next.
  6. Click the New members from a file tab and click Browse to select the CSV file. Click Open.
  7. Verify that each of the required fields have a check mark next to them, and click Next.
  8. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  9. On the Set member properties page, you can assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Editor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page. (You only see these options if you have privileges to update members.)
  10. Review the summary page to ensure the details are correct, then select Add Members to add the new members to your organization.

The member accounts are added to the organization. The users can now sign in to the portal.

Add members from AD or LDAP identity providers

If your portal has been configured with an organization-specific identity provider based on Active Directory (AD) or Lightweight Directory Access Protocol (LDAP), organization-specific accounts can be added individually, in bulk, or from AD or LDAP groups managed by the identity provider.

Note:

Accounts must include an email address to be added to the portal. Any special characters in account names will be changed to an underscore (_), except the at sign (@), point (.), or dash (-).

One at a time

  1. Verify that you are signed in as an administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. On the Add members page, select the Add members based on existing Active Directory or LDAP users option and click Next.
  4. Click the New member tab and provide the following information:
    • Username—The user name alias for the account. The user name must match the existing Active Directory or LDAP user and format defined in the identity provider (for example, jcho11). Click the magnifying glass to search for and select the desired user name.
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
    • User Type—The user type to which the user will be assigned. Select any available user type from the drop-down list. You can click the compatible roles and compatible add-on licenses count to find out more about what is compatible with the selected user type. For more information, see User types, roles, and privileges.
  5. Click Next to complete adding this user, or Next, add another to add more users.
  6. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  7. On the Set member properties page, you can assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Editor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page. (You only see these options if you have privileges to update members.)
  8. Verify that the member account information is correct and click Add Members.

The member account is added to the organization. The user can now sign in to the portal.

From a file

  1. Create a plain-text CSV file that contains information for each member account. The first line must contain header information with these field names: Username, Role, and User Type. Subsequent lines include the actual member account information as follows:
    Tip:

    To download a UTF-8 encoded CSV file with the required fields prepopulated in your specified language, click Download CSV template on the Add members from a file page (step 6 below).

    • Username—The user name alias for the account. The user name must match the existing Active Directory or LDAP user and format defined in the organization-specific identity provider (for example, jcho11).
    • Role—The role to which the user will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
      Legacy:

      In earlier versions of the portal, you could only assign the member to a user, publisher, or custom role without administrative privileges. You could not assign a member to the administrator role. You could assign them to the role after creating the account. Beginning at 10.3.1, you can assign a member to a role with administrative privileges.

    • User Type—The user type to which the user will be assigned. This can include any user type available to your organization. For more information, see User types, roles, and privileges.

    The format for the file is as follows:

    Username,Role,User Type
    jcho11,publisher,Editor
    srajhandas,viewer,Viewer

  2. Save the document as a plain-text CSV file and close it.
  3. Verify that you are signed in as an Administrator of your organization.
  4. Click Organization > Members > Add Members.
  5. Select the Add members based on existing Active Directory or LDAP users option and click Next.
  6. Click the New members from a file tab and click Browse to select the CSV file. Click Open.
  7. Verify that each of the required fields have a check mark next to them, and click Next.
  8. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  9. On the Set member properties page, you can assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Editor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page. (You only see these options if you have privileges to update members.)
  10. Review the summary page to ensure the details are correct, then select Add Members to add the new members to your organization.

The member accounts are added to the organization. The users can now sign in to the portal.

From a group

If your portal has been configured with AD or LDAP-based groups, you can add accounts from the AD or LDAP groups you've connected to your portal. See Create groups for more information.

  1. Verify that you are signed in as an Administrator of your organization.
  2. Click Organization > Members > Add Members.
  3. Select the Add members based on existing Active Directory or LDAP users option and click Next.
  4. Click the From a group tab and provide the following information:
    • Active Directory or LDAP Group—The Active Directory or LDAP group name. Click the magnifying glass to search for and select the desired Active Directory or LDAP group.
    • Role—The role to which the selected accounts will be assigned. This can be any role (viewer, user, publisher, data editor, custom role, or administrator role).
      Legacy:

      In earlier versions of the portal, you could only assign members to a user, publisher, or custom role without administrative privileges. You could not assign members to the administrator role. You could assign them to the role after creating the accounts. Beginning at 10.3.1, you can assign members to a role with administrative privileges.

    • User Type—The user type to which the member will be assigned. For more information, see User types, roles, and privileges.
  5. On the Compile member list page, review the list of members that will be added to the organization. Select and click Remove to remove members from the list if needed. Click Next.
  6. On the Set member properties page, you can assign licenses, apps, groups, and settings to the selected members. Click Next.
    1. If you want to assign add-on licenses to the new members and default add-on licenses have not been configured for new organization members (or you want to modify the specified default add-on licenses for the new members), click Manage in the Add-on licenses section. Select the add-on licenses that are compatible with the user types in your member list and click Save. (You only see this option if you have privileges to manage licenses.)

      If you're adding more than one member at a time with different user types, the available licenses are based on the user type with the fewest compatible add-on licenses. For example, if you're adding four Creators and one Editor, and you want to assign ArcGIS Insights, the option won't be available because it's not compatible with both user types. You can click Compile member list to return to the list of new members, select the member with the incompatible user type, and click Remove so you can assign the license. Otherwise, you can assign the add-on licenses later on the Licenses tab.

    2. In the Groups section, if you want to add the new members to groups in your organization and default groups have not been configured for new members (or if you want to modify the specified default groups for the new members), click Manage. Select the desired groups and click Save.
    3. In the Settings section, modify the following member settings: profile visibility, language, number and date format, and a member's start page. (You only see these options if you have privileges to update members.)
  7. If your group is from an LDAP server, members of nested groups are not added to the portal.

  8. Review the summary page to ensure the details are correct, then select Add Members to add the new members to your organization.

The member accounts are added to the organization. The users can now sign in to the portal.

Add members in bulk using a command line utility

Adding members in bulk is useful if you want to add multiple built-in or organization-specific accounts to the portal at once. The CreateUsers tool is located in the <Portal for ArcGIS installation location>/tools/accountmanagement directory. The tool takes a text file as input and must be run on the machine where the portal is installed. The tool will automatically assign add-on licenses and groups as specified in the new member defaults as long as they're compatible with the new member's user type. If either the name or description (described below) includes non-English characters, save the input file as UTF-8; otherwise, non-English characters will not save properly.

Note:

The utility can only be executed by a built-in administrator account; you cannot use an organization-specific administrator account. The built-in account you use can be the initial administrator account you set up when you configured the portal or another built-in account that has been granted administrator privileges. If you deleted the initial administrator account and do not have any other built-in administrator accounts available, you will need to create one to execute the utility. For instructions, see the Built-in portal accounts section above.

Register organization-specific accounts

By default, new installations of Portal for ArcGIS do not allow users to register their organization-specific accounts automatically the first time they sign in. Therefore, you'll need to preregister your organization-specific users with the CreateUsers command line utility tool. If you want organization-specific users to be able to register their own accounts, you can enable automatic registration of organization-specific accounts.

  1. Create a text file that contains information for registering organization-specific accounts. Use a separate line for each account, and separate values using pipes (|). The format for each entry is as follows:

    <login>|<email address>|<name>|<role>|<user type id>|<description>|<Idp UserName>|<first name>|<last name>

    • login—The login is the organization-specific login to be registered. Logins must contain alphanumeric ASCII characters or underscores and can contain up to 128 characters.

      • If you're using Active Directory, this login should be in the form sAMAccountName@DOMAIN. The domain name must be in all capital letters.
      • If you're using LDAP, the login should match the value of the userNameAttribute you specified when configuring the identity store.
      • If you're using SAML-based organization-specific logins, the login value specified should match the NameID attribute in the SAML identity provider.
      • If you're using OpenID Connect-based organization-specific logins, the login value specified should match the unique identifier assigned to each user by the OpenID Connect provider (for example, Google).
    • email address—The email address should be the email associated with the login and match the value in the identity store. If the user account does not have an email address, provide a false or generic value.

    • name—The name is the alias for the login that will be used in your ArcGIS organization. Most identity stores use the user's full name as the default alias. When the user is connected to the portal, this name appears at the top of the website.

    • role—This is the role the organization-specific login will have in the organization. Valid role values are viewer, user, publisher, data editor, admin, or <custom_role_name>, where <custom_role_name> is the name of the custom role (for example, hostedservicepublisher).

      Note:

      Ensure that the roles that are specified correspond with a compatible user type. For more information, see User types, roles, and privileges.

    • description—Optionally, you can include text to describe the account. This value does not correspond to any attribute in the identity store. Descriptions cannot exceed 250 characters.

    • Idp UserName—Optionally, specify the user name of the organization-specific account in the identity provider. If this value is not provided, the value specified for the login parameter is used instead.

    • first name—Optionally, you can specify the user's first name. If this value is left blank or set to no firstName, the name parameter will be used. If the name parameter consists of more than one word, the first word before a space will be used for the first name. If the first name is left blank or set to no firstName and the name parameter is empty, the user will not be created.

    • last name—Optionally, you can specify the user's last name. If this value is left blank or set to no lastName, the name parameter will be used. If the name parameter consists of more than one word, the first word after a space will be used for the last name. If the last name is left blank or set to no lastName and the name parameter is empty, the user will not be created. If both the first and last name for a user are left blank or set to no firstName and no lastName and the name parameter contains one word, that word will be used for both the first and last names.

    • user type id—The ID of the user type to which the member will be assigned. The user type id value is the name of the user type with UT appended to the end. Some examples of user type id values for the standard user types include viewerUT, editorUT, fieldworkerUT, creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.

    Note:

    You're required to provide a value for the login, email address, name, role, and user type. The description, Idp UserName, first name, and last name are optional. For each account listed in the file, verify that the values you entered for the login, email address, and name exactly match the values in your identity store. The portal will not connect to your identity store to validate these values.

    The following is an example of an entry to register an Active Directory organization-specific account for login jcho111, with an email address of jcho@domain.com and a full name of Jon Cho. The login is placed in the user role (user) and a Creator user type and is described as a user in department b.

    jcho111@DOMAIN|jcho@domain.com|Jon Cho|user|department b|creatorUT

    The following is an example of an entry to register an organization-specific account from a SAML identity provider. The user's login is rsmith@domain.com, with an email address of rsmith@domain.com and a full name of Robert Smith. The login is placed in the publisher role (publisher) with an Idp UserName of rsmith@domain.com and a GIS Professional Basic user type.

    rsmith@domain.com|rsmith@domain.com|Robert Smith|publisher|rsmith@domain.com|GISProfessionalBasicUT

    The following is an example of an entry to register an LDAP organization-specific account for login sjames4513, with an email address of sjames@domain.com and a full name of Sara James. The login is placed in the viewer role (admin) and a Viewer user type, and a description is provided.

    sjames4513@DOMAIN|sjames@domain.com|Sara James|viewer|Department Lead and GIS Manager|viewerUT

    The following is an example of an entry to register an organization-specific account for login srajhandas, with an email address of srajhandas@domain.com and a full name of Satish Rajhandas. The login is placed in the user role (user) and an Editor user type.

    srajhandas@DOMAIN|srajhandas@domain.com|Satish Rajhandas|user|editorUT

    The following is an example of an entry to register an organization-specific account from a SAML identity provider. The user's login is djohnson308, with an email address of djohnson@domain.com and a full name of Daisha Johnson. The login is placed in the user role (user), with a description; the Idp UserName, which is defined as djohnson@domain.com; and a GIS Professional Standard user type.

    djohnson308@DOMAIN|djohnson@domain.com|Daisha Johnson|user|Account Specialist|djohnson@domain.com|GISProfessionalStdUT

    The following is an example of an entry to register an organization-specific account from an OpenID Connect provider. The user's login is mbrown, with an email address of mbrown@domain.com and a full name of Marie Brown. The login is placed in the publisher role (publisher) and a Creator user type, with a description; the Idp UserName, which is defined as 110565518009184644438; and a first name of Marie and a last name of Brown.

    mbrown|mbrown@domain.com|Marie Brown|publisher|creatorUT|GIS Analyst|110565518009184644438|Marie|Brown

  2. Save the text file.
  3. Run the CreateUsers command line tool using one of the following methods:
    • To add OpenID Connect accounts, run the CreateUsers command line tool with the idp option set to oidc_[idvalue] (for example, ./CreateUsers.sh --file usr/adminfiles/users.txt --idp oidc_[idvalue]). Replace idvalue with your Open ID Connect registration ID.
    • To add other organization-specific accounts, run the CreateUsers command line tool with the idp option set to enterprise (for example, ./CreateUsers.sh --file usr/adminfiles/users.txt --idp enterprise).
    Note:

    If you do not specify -idp, organization-specific accounts are registered by default. Also, be sure to use the correct case for command line options and file names.

Once users sign in to the portal, they can add or change the security question and answer by editing their account profiles.

Add built-in portal accounts

To add built-in portal accounts, complete the following steps:

  1. Create a text file that contains information for creating built-in portal members. Use a separate line for each account, and separate values using pipes (|). The format for each entry is as follows:

    <account>|<password>|<email address>|<name>|<role>|<user type id>|<description>|<first name>|<last name>

    • account—The account is the user name to be used for the built-in account. Accounts must contain alphanumeric ASCII characters or underscores and can contain up to 128 characters. Some areas of ArcGIS Enterprise require that you enter a case sensitive user name.
    • password—This is a password to be assigned to the account. Users can use this password the first time they sign in to the portal, and then they can change their password by editing their profile.
    • email address—Provide an email address for this account. This parameter is required; therefore, you must provide a value for the email address even if it's not a valid address.
    • name—The name is the alias for the account that will be used in your ArcGIS organization. When the user is connected to the portal, this name appears at the top of the website.
    • role—This is the role the account will have in the ArcGIS organization. Valid role values are viewer, user, publisher, data editor, admin, or <custom_role_name>, where <custom_role_name> is the name of the custom role (for example, hostedservicepublisher).
      Note:

      Ensure that the roles that are specified correspond with a compatible user type. For more information, see User types, roles, and privileges.

    • description—Optionally, you can include text to describe the account. Descriptions cannot exceed 250 characters.
    • first name—Optionally, you can specify the user's first name. If this value is left blank or set to no firstName, the name parameter will be used. If the name parameter consists of more than one word, the first word before a space will be used for the first name. If the first name is left blank or set to no firstName and the name parameter is empty, the user will not be created.
    • last name—Optionally, you can specify the user's last name. If this value is left blank or set to no lastName, the name parameter will be used. If the name parameter consists of more than one word, the first word after a space will be used for the last name. If the last name is left blank or set to no lastName and the name parameter is empty, the user will not be created. If both the first and last name for a user are left blank or set to no firstName and no lastName and the name parameter contains one word, that word will be used for both the first and last names.
    • user type id—The ID of the user type to which the member will be assigned. The user type id value is the name of the user type with UT appended to the end. Some examples of user type id values for the standard user types include viewerUT, editorUT, fieldworkerUT, creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.

    The following is an example of an entry that adds a built-in portal account with the user name pub1 for Barbara Williams and an email account of bwilliams@domain.com. It also adds pub1 to the publisher role and the GIS Professional Advanced user type:

    pub1|changepasswordlater1|bwilliams@domain.com|Barbara Williams|publisher|GISProfessionalAdvUT

    The following is an example of an entry that adds a built-in portal account with the user name jcho for Jon Cho and an email account of jcho@domain.com. It also adds jcho to the administrator role and the Creator user type, describes it as the GIS manager, and lists the first and last names for the user:

    jcho|changepasswordlater1|jcho@domain.com|Jon Cho|admin|GIS Manager|Jon|Cho|creatorUT

  2. Save the text file.
  3. Run the CreateUsers command line tool with the idp option set to builtin (for example, ./CreateUsers.sh --file portalmembers.txt --idp builtin).
    Note:

    If you do not specify -idp, organization-specific accounts are registered by default. Be sure to use the correct case for command line options and file names.

Once users sign in to the portal, they can add or change the security question and answer by editing their account profiles. Users can also change their passwords by editing their account profiles.