After you have added members to your organization, you can manage their accounts. Managing members includes modifying profiles and account settings, resetting passwords, disabling multifactor authentication, disabling members, and deleting members. Managing members also includes changing their role or user type. For information about managing member content, see Manage content.
The actions you can perform when managing members depend on your privileges in the organization.
Tip:
Use the filters and sort options to help find the members you need to manage. For example, if you want to change the user type for members with the same user type, role, and group membership, you can filter the list to show only members that match that set of criteria. You can also filter by assigned licenses and last login date.
Modify profile
If you have the correct privileges, you can modify a member's profile and settings, such as their profile photo, bio, profile visibility, language, and email address.
- Verify that you are signed in to your organization and that you have privileges to update member account information.
- At the top of the site, click Organization and click the Members tab.
- Search for members by name or user name and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
- Click the More options button for the member whose profile you want to modify, and click View profile.
- On the member's profile page, update any of the following: profile photo, member name, bio, or profile visibility.
- To edit the member's settings, such as their email address, start page, language, and units, click View <member name>'s settings and modify the settings.
Change email address
You can see the email address on a member's settings page and, if necessary, you can change it. Only administrators with privileges to update member accounts can change email addresses for members. Members without this privilege cannot change their own email address.
Change user types
User types determine which privileges and apps are available to members. Once assigned, user types can be changed by those with the correct privileges.
- Verify that you are signed in to your organization and have administrative privileges to change member roles, manage licenses, and update member account information.
- At the top of the site, click Organization and click the Members tab.
- Search for members by name or user name and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
- Do one of the following:
- To change the user type of one member, click the More options button for the member and click Manage user type.
- To change the user type of multiple members at once, check the box next to the name of each member. Above the list of members, click Manage user types.
Tip:
You can select up to 100 members at a time. The selected set is maintained while you search and filter all the members in your organization, even across multiple pages. If necessary, click the members selected drop-down menu to review and revise your selection once you've modified your initial search or filter.
- In the window that appears, select a user type, select a role (if necessary), and click Save.
Note:
The user type can be changed to one with fewer capabilities if the member satisfies the corresponding requirements. For example, you can change a member from Creator to Viewer as long as the following conditions are met:
- The member does not own content or groups.
- The member does not have add-on licenses assigned that are incompatible with the new user type.
- The member does not belong to shared update groups.
Change member roles
A role defines the set of privileges assigned to a member. Once assigned, roles can be changed by administrators and those with privileges to change member roles. When you assign a role, it must be compatible with the member's assigned user type.
- Verify that you are signed in to your organization and that you have privileges to change member roles.
Note:
Changing a member's assigned role to or from the default Administrator role requires signing in as a default Administrator role.
- At the top of the site, click Organization and click the Members tab.
- Search for members by name or user name and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
- To change the role of one member, click the Role drop-down arrow and choose a new role.
- To change the role of multiple members at once, do the following:
- Check the box next to the name of each member whose role you want to change.
Tip:
You can select up to 100 members at a time. The selected set is maintained while you search and filter all the members in your organization, even across multiple pages. If necessary, click the members selected drop-down menu to review and revise your selection once you've modified your initial search or filter.
- Above the list of members, click Manage user types.
- In the window that appears, search for the role you want (if needed) and select it.
Note:
You only see the roles that are compatible with all the user types assigned to the selected members.
- Click Save.
- Check the box next to the name of each member whose role you want to change.
Reset password
Organization members who have privileges to update member account information can reset passwords for members. The system provides a temporary password that you must share with the member so they can sign in. After the member successfully signs in with the temporary password, they are prompted to change their password. If the member is currently signed in when you reset their password, they are immediately signed out.
Note:
You cannot reset passwords for organization-specific (SAML and OpenID Connect) logins.
- Verify that you are signed in to your organization and that you have privileges to update member account information.
- At the top of the site, click Organization and click the Members tab.
- Search for members by name or user name and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
- Click the More options button for the member whose password you want to reset, and click Reset password.
- Depending on how your organization is configured, one of the following happens:
- You are given a password in the Password Reset window and need to inform the member of their new, temporary password.
- If email settings are configured for your organization, the member is emailed their new, temporary password.
When the member signs in using the temporary password, they are immediately prompted to change their password.
Disable multifactor authentication
Administrators can disable multifactor authentication on a member's account. This is a privilege reserved for the administrator role. This option only appears when the organization is configured for multifactor authentication and the member has enabled it through their profile page.
- Verify that you are signed in as an administrator of your organization.
- At the top of the site, click Organization and click the Members tab.
- Search for members by name or user name and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
- Click the More options button for the member for whom you want to disable multifactor authentication, and click Disable multifactor.
Disable member
If you are an administrator of your organization or you have the correct privileges, you can disable members from your organization.
Disabling a member prevents the member from consuming organizational resources. This can be useful while you transfer their items to a different member. Disabled members cannot sign in to the organization, consume organizational resources, create content, or administer the site. They are still members and count toward the number of users in your organization.
If the member owns content or groups, you must transfer their content to a different member or delete the content before deleting the member. Once that is done, you can delete the disabled member from the organization.
You can disable organization members individually or as a selected set of members (up to 100 at a time).
- Verify that you are signed in to your organization and that you have privileges to disable members.
- At the top of the site, click Organization and click the Members tab.
- Search for members by name or user name and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
- Check the box next to the name of each member you want to disable. Above the list of members, click Disable member (or Disable members if multiple members are selected).
You can only disable members if the selected members have signed in to the organization at least once.
Tip:
You can select up to 100 members at a time. The selected set is maintained while you search and filter all the members in your organization, even across multiple pages. If necessary, click the members selected drop-down menu to review and revise your selection once you've modified your initial search or filter.
- To enable one or more disabled members, select the member or members, and click Enable member above the list of members.
Delete member
If you are an administrator of your organization or you have the correct privileges, you can delete an individual member when you want to remove the account from your organization. You can also delete members in bulk using a command line utility. Only administrators can delete other administrators.
If the member owns content or groups, you must transfer their content to a different member or delete their content before deleting the member. You can do this individually for each member or in bulk using a command line utility.
If the member has licenses assigned, you must revoke the licenses before deleting the member. For some Esri products, such as ArcGIS Pro or ArcGIS Drone2Map, licenses must be checked in by the user before you can revoke them.
If a member is deleted directly from the identity store, the member is retained in the portal. You must delete the member manually in the portal. If the member owns content or groups, you must transfer their content to a different member or delete their content before deleting the member.
Member accounts that exist in the portal's built-in identity store are permanently deleted and cannot be recovered. Organization-specific accounts (SAML and OpenID Connect) are unregistered from the portal and retained in your identity store. If necessary, you can recover the organization-specific account by adding it back to the portal.
Tip:
If you want to quickly assess which users in your organization are members of the portal, you can use the command line utility ListUsers to generate a text file that lists all the members in the portal. Use this utility to assess which users in your organization can be removed from the portal. The output text file can also be used as input to the DeleteUsers command line utility described below. For full instructions, see Listing members.
- Verify that you are signed in to your organization and that you have privileges to delete members.
- At the top of the site, click Organization and click the Members tab.
- Search for members by name or user name and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
- Click the More options button for the member you want to remove from the organization and click Delete member.
- Click the Delete Member button in the pop-up to confirm you want to remove the member.
Note:
Only administrators can delete other administrators.Delete members in bulk using a command line utility
Deleting members using the command line utility is appropriate if you need to remove a large number of members at once from your portal. You may do this periodically to keep the total membership count under control. You may also do this if you have recently upgraded your portal and must reduce the number of named users to the maximum allowed by your authorization file. For more information about this scenario, see Enforcement of named user licensing.
You'll use the DeleteUsers command line utility that was installed with the software to remove members from the portal in bulk. The tool is located in the <Portal for ArcGIS installation location>/tools/accountmanagement directory. The tool takes a text file as input and must be run on the machine where the portal is installed.
Note:
The utility can only be executed by a built-in administrator account; you cannot use an organization-specific administrator account. The built-in account you use can be the initial administrator account you set up when you configured the portal or another built-in account that has been assigned the default administrator role. If you deleted the initial administrator account and do not have any other built-in administrator accounts available, you must create one to execute the utility. For instructions, see the Built-in portal accounts section of Add members to your portal.
- Create a text file that contains the user names of members you want to delete from your portal. List each member's user name on a separate line. The following is an example:
sarah robert james qing
Note:
You must specify the user name of the member. Do not use the full name of the member; the tool will ignore all entries that use the full name of the member. Also note that the user names you type in the text file must be in the same case as they are stored in the portal. You can run the ListUsers command line utility or review the Members tab on the Organization page in your portal to see the case in which the user names are stored.
- Save the text file.
- Run the DeleteUsers command line tool by specifying your text file as the tool's input, for example, ./DeleteUsers.sh --file /data/scripts/memberstodelete.txt.
Tip:
Be sure to use the correct case for command line options and file names.