While following the instructions in the "Configure a SAML-compliant identity provider with your portal" documentation for Active Directory Federation Services (AD FS) 2.0 and above, step 3 under the "Configuring your portal with a SAML identity provider" heading offers the following options:
When the second option is selected, an error message is sometimes returned.
Error: Unable to sign in, logins are by invitation only. Please contact the administrator of this web site to access this site.
This happens if the Lightweight Directory Access Protocol (LDAP) Attributes are mapped to Outgoing Claim Types incorrectly.
For example, the error message is returned if the User-Principal-Name (UPN) attribute is mapped to the Name ID Outgoing Claim Type and the UPN username used to add the member to the Portal is incorrect.
The error message is also returned if other components like the first name and last name are provided incorrectly while adding the Portal member.
Provide the UPN and other attributes as set in the AD FS Server.
To find the correct UPN, launch the command prompt on any computer within the same network as the AD FS Server and run the command 'whoami /upn'. This lists the UPN of the logged-in user.
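To see which field is out of step, the values AD FS actually asserts can be compared with the member record that was added to the Portal. The following is an added example, not Esri's code: the assertion and member record are constructed samples, and it assumes the given name and surname are issued under the standard AD FS claim type URIs. It reads claims only and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: names are issued under the standard AD FS claim type URIs.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample assertion (not captured from a real AD FS server).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe@corp.example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def claims_from_assertion(xml_text):
    """Return the NameID and name claims carried by a SAML 2.0 assertion."""
    # A SAML assertion never needs a DTD; refuse one rather than parse it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not expected in a SAML assertion")
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS)
    claims = {"username": name_id.strip()}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        if attr.get("Name") == CLAIMS + "givenname":
            claims["first_name"] = value.strip()
        elif attr.get("Name") == CLAIMS + "surname":
            claims["last_name"] = value.strip()
    return claims

def find_mismatches(member, claims):
    """Compare a pre-created Portal member record with the asserted claims."""
    problems = []
    for field in ("username", "first_name", "last_name"):
        want, got = member.get(field, ""), claims.get(field, "")
        if want != got:
            note = "differs only by case" if want.lower() == got.lower() else "different value"
            problems.append((field, want, got, note))
    return problems

if __name__ == "__main__":
    # Hypothetical member record, typed without the UPN suffix.
    member = {"username": "jdoe", "first_name": "Jane", "last_name": "Doe"}
    for field, want, got, note in find_mismatches(member, claims_from_assertion(SAMPLE_ASSERTION)):
        print(f"{field}: Portal has {want!r}, AD FS sends {got!r} ({note})")
```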