PROBLEM

Enterprise group members periodically lose access to content

Last Published: April 25, 2020

Description

Members of enterprise groups configured with an enterprise identity provider (such as Active Directory) lose access to shared content, and appear missing from a group's member list.

Users may report the issue resolves itself within 24 hours, or after signing out and signing back in.

Cause

This is caused by the domain controller losing access to the enterprise identity provider and group store servers.

Solution or Workaround

By default, Portal for ArcGIS is configured to refresh the enterprise identity provider and group store at 24-hour intervals, and upon user login. This re-establishes access to these servers, and resolves the issue.

To avoid waiting for the default refresh interval, use one of the following workarounds:

  • Force Portal for ArcGIS to refresh the enterprise identity provider and group store via the portaladmin endpoint.
  • Force Portal for ArcGIS to refresh the enterprise identity provider and group store via the ArcGIS API for Python.
  • Reconfigure Portal for ArcGIS to refresh the enterprise identity provider and group store at shorter intervals.

Force Portal for ArcGIS to refresh the enterprise identity provider and group store via the portaladmin endpoint

  1. Sign in to the Portal for ArcGIS portaladmin endpoint.
  2. Navigate to Security > Groups > Refresh Membership.
  3. Enter all group names, using a comma to separate the group names. Click Refresh Membership.
Note:
Refreshing group membership may be time-consuming for organizations with large group structures. For better performance, refresh the membership of the affected enterprise users by navigating to Security > Users > Refresh Membership instead.

Force Portal for ArcGIS to refresh the enterprise identity provider and group store via ArcGIS API for Python

  1. Launch a Python environment, such as Jupyter Notebook.
  2. Run the following script to refresh the group membership:
from arcgis.gis import GIS, admin

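# Sign in to Portal for ArcGIS using administrator credentials.
# Replace 'https://' with the full portal URL.
# verify_cert=False disables TLS certificate validation; omit it when the portal presents a trusted certificate.

gis = GIS('https://', 'DOMAIN\\USERNAME', 'ADMIN PASSWORD', verify_cert=False)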

groupManager = gis.admin.security.groups
 
# List comma-separated STRING of groups. This is a requirement of the ArcGIS REST API, and must not be a Python list.

groupList = 'GROUP1,GROUP2,GROUP3'

# This command calls the ArcGIS REST API to refresh all groups within groupList.

groupManager.refresh_groups(groupList)
  3. Alternatively, run the following script to refresh the user membership:
from arcgis.gis import GIS, admin

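# Sign in to Portal using Portal for ArcGIS administrator credentials.
# Replace 'https://' with the full portal URL.
# verify_cert=False disables TLS certificate validation; omit it when the portal presents a trusted certificate.

gis = GIS('https://', 'DOMAIN\\USERNAME', 'ADMIN PASSWORD', verify_cert=False)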

userManager = gis.admin.security.enterpriseusers

# List comma-separated STRING of users. This is a requirement of the ArcGIS REST API, and must not be a Python list.

userList = 'user1,user2,user3'

# This command calls the ArcGIS REST API to refresh all users within userList.

userManager.refresh_users(userList)

Reconfigure Portal for ArcGIS to refresh the enterprise identity provider and group store at shorter intervals

  1. Sign in to the Portal for ArcGIS portaladmin endpoint.
  2. Navigate to Security > Config > Update Identity Store.
  3. Set the membershipRefreshIntervalHours parameter to the desired value. For more information on configuring Update Identity Store parameters, refer to ArcGIS REST API: Update Identity Store.
  4. Select JSON from the Format drop-down menu, and click Update Configuration.

Article ID: 000022608

Software:
  • ArcGIS REST API
  • Portal for ArcGIS
  • ArcGIS API for Python
