Adding members to your portal
This topic only applies to 10.2.1 and later versions.
You can allow users to add their own accounts using the portal website, or you can add accounts in bulk using a command line utility.
If you are using the portal's built-in store to manage members, the member's account is added to the built-in identity store and appears in the portal website. The account information is stored in the portal. If you are using your organization's enterprise identity store to manage members, the account information is read from your enterprise store and appears as an entry in the portal website. The account information is not stored in the portal. To learn more about how members are managed in the portal, see Managing access to your portal.
For full instructions on how to add members to your portal, see the steps in the sections below.
Allowing users to add their own accounts
Enterprise accounts
If your portal is configured with your organization's enterprise identity store, you can configure the portal to register these accounts with it the first time the enterprise accounts connect to it. By default, new installations of Portal for ArcGIS do not allow accounts from an enterprise identity store to be registered to the portal automatically. For full instructions on how to configure your portal to allow this, see Automatic registration of enterprise accounts.
When upgrading Portal for ArcGIS 10.2.1 to 10.2.2, the setting that enables or disables automatic account creation is not preserved; automatic account creation is disabled after upgrading. This is unintended behavior and will be addressed in a future software release. If you enabled automatic account creation at 10.2.1, you can resolve this issue by immediately re-enabling the setting after upgrading to 10.2.2. For full instructions, see Automatic registration of enterprise accounts.
If you upgraded Portal for ArcGIS 10.2 to 10.2.2, enterprise accounts are already configured to be registered with the portal automatically.
Built-in portal accounts
If your portal uses built-in portal accounts, you can send the portal URL to the people in your organization who need to use the portal. These people can paste the URL in a web browser and create their own account by doing the following:
- From the portal home page, click Sign In. You'll also see this page if you attempt to save a map without logging in.
- Click Create an account.
- Enter your name, email address, and desired user name and password.
Account names cannot have more than 24 characters or fewer than 4 characters. They can only contain alphanumeric characters or underscores.
- Choose an identity question and type an answer to the question.
- Click Create My Account.
An account is added to the portal's identity store and the user is signed in to the portal.
Adding members in bulk using the command line utility
Adding members using the command line utility is useful if you need to add multiple member accounts at once.
By default, new installations of Portal for ArcGIS do not allow accounts from an enterprise identity store to be automatically registered with the portal. Therefore, you'll need to register your enterprise users with this utility. Alternatively, you can enable automatic registration of enterprise accounts if you want enterprise users to be able to register their own accounts.
When upgrading Portal for ArcGIS 10.2.1 to 10.2.2, the setting that enables or disables automatic account creation is not preserved; automatic account creation is disabled after upgrading. This is unintended behavior and will be addressed in a future software release. If you enabled automatic account creation at 10.2.1, you can resolve this issue by immediately re-enabling the setting after upgrading to 10.2.2. For full instructions, see Automatic registration of enterprise accounts.
If you upgraded Portal for ArcGIS 10.2 or 10.2.1 to 10.2.2, enterprise accounts are automatically added as members in the organization. You may want to disable automatic registration of enterprise accounts to have more control over which users are added as members in your organization.
As the portal administrator, you can use the CreateUsers command line utility tool that was installed with the software to register members with the portal in bulk. The tool is located in the <Portal for ArcGIS installation location>\tools\accountmanagement directory. The tool takes a text file as input and must be run on the machine where the portal is installed. If either the name or description (described below) includes non-English characters, save the input file as UTF-8; otherwise, non-English characters will not save properly.
The utility can only be executed by a built-in administrator account; you cannot use an enterprise administrator account. The built-in account you use can be the initial administrator account you set up when you configured the portal or another built-in account that has been granted administrator privileges. If you have deleted the initial administrator account and do not have any other built-in administrator accounts available, you will need to create one to execute the utility. For instructions, see the Built-in portal accounts section above.
- Create a text file that contains information for creating built-in portal members or registering enterprise accounts. Use a separate line for each account, and separate values using pipes (|).
- When registering enterprise accounts, the format for each entry is as follows:
<login>|<email address>|<name>|<role>|<description>
- login—The login is the enterprise login to be registered. If you are using Active Directory, this login should be in the form sAMAccountName@DOMAIN. The domain name must be in all capital letters. If you are using LDAP, the login should match the value of the userNameAttribute you specified when configuring the identity store.
- email address—The email address should be the email associated with the login and match the value in the identity store. If the user account does not have an email address, provide a false or generic value.
- name—The name is the alias for the login that will be used in your ArcGIS organization. Most identity stores use the user's full name as the default alias. When the user is connected to the portal website, this name appears at the top of the website.
- role—This is the role the enterprise login will have in the ArcGIS organization. Valid role values are org_user, org_publisher, or org_admin.
- description—Optionally, you can include text to describe the account. This value does not correspond to any attribute in the identity store. Descriptions cannot exceed 250 characters.
Note:You're required to provide a value for the login, email address, name, and role. The description is optional. For each account listed in the file, verify the values you entered for the login, email address, and name exactly match the values in your identity store. The portal will not connect to your identity store to validate these values.
The following is an example of an entry to register an enterprise account for login jcho111, with an email address of jcho@domain.com and a full name of Jon Cho. The login is placed in the user role (org_user) and is described as a user in department b:
jcho111@DOMAIN|jcho@domain.com|Jon Cho|org_user|department b
- When adding built-in portal accounts, the format for each entry in the text file is as follows:
<account>|<password>|<email address>|<name>|<role>|<description>
- account—The account is the user name to be used for the built-in account.
- password—This is a password to be assigned to the account. Users can use this password the first time they sign in to the portal, and then they can change their password by editing their profile.
- email address—Provide an email address for this account. This parameter is required; therefore, you must provide a value for the email address even if it is not a valid address.
- name—The name is the alias for the account that will be used in your ArcGIS organization. When the user is connected to the portal website, this name appears at the top of the portal website.
- role—This is the role the account will have in the ArcGIS organization. Valid role values are org_user, org_publisher, or org_admin.
- description—Optionally, you can include text to describe the account. Descriptions cannot exceed 250 characters.
This example adds a built-in portal account with the user name pub1 for Barbara Williams, with an email account of bwilliams@domain.com. It also adds pub1 to the publisher role and describes it as a member of the planning department:
pub1|changepasswordlater|bwilliams@domain.com|Barbara Williams|org_publisher|planning department
- When registering enterprise accounts, the format for each entry is as follows:
- Save the text file.
- Run the CreateUsers command line tool.
To register an enterprise account, run the CreateUsers tool with the idp option set to enterprise, for example, CreateUsers --file c:\scripts\users.txt --idp enterprise.
If you do not specify -idp, an enterprise account is registered by default.
To create a built-in portal account, run the CreateUsers tool with the idp option set to builtin, for example, CreateUsers --file d:\scripts\addmembers.txt --idp builtin.
Tip:Be sure to use the correct case for command line options and file names.
Once users log in to the portal, they can add or change the security question and answer by editing their account profiles. If these are built-in accounts, users can also change their passwords by editing their account profiles.