Skip To Content

Manage members

After you have added members to your organization, you can manage their accounts. Managing members includes modifying profiles and account settings, resetting passwords, disabling multifactor authentication, disabling member accounts, and deleting members. Managing members also includes changing their role or user type, and categorizing members by characteristics such as department or location. For information about managing member content, see Manage content.

The actions you can perform when managing members depend on your privileges in the organization.

Tip:

Use the filters and sort options to help find the members you need to manage. For example, to change the user type for members with the same user type, role, and group membership, you can filter the list to show only members that match that set of criteria. You can also filter by assigned licenses and last login date.

Modify profile

If you have the appropriate privileges, you can modify a member's profile and settings, such as their profile photo, bio, profile visibility, language, and email address.

  1. Confirm that you are signed in to your organization and that you have privileges to update member account information.
  2. At the top of the site, click Organization and click the Members tab.
  3. Search for members by name or username and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
  4. Click the More options button More options for the member whose profile you want to modify, and click View profile.
  5. On the member's profile page, update any of the following: profile photo, member name, bio, or profile visibility.
  6. To edit the member's settings, such as their email address, start page, language, and units, click View <member name>'s settings and modify the settings.

Change email address

You can see the email address on a member's settings page and, if necessary, you can change it. Only administrators with privileges to update member accounts can change email addresses for members. Members without this privilege cannot change their own email address.

Categorize members

As an administrator or a member with the privileges to manage member categories, you can set up hierarchical categories for organizing members in your organization according to characteristics, such as department, location, and expertise. Once categories are set up, members with the privilege to update member information can categorize members in the organization. This allows you and others in the organization to filter the members list by member category to find specific members. A member's assigned categories are displayed on their settings page and can be viewed by the member and those with the privilege to view members.

Set up categories

You can configure member categories on the Members tab of the organization page.

  1. Confirm that you are signed in to your organization as a member with the privileges to manage member categories.
  2. At the top of the site, click Organization.
  3. Click the Members tab.
  4. Under Categories, click Set up member categories.
    Tip:

    If some member categories have already been configured, click Configure categories Configure categories to add, rename, delete, or reorder categories as needed.

  5. In the text box, type a category name (using up to 100 characters), and click Save Save.
  6. Optionally, click Add category Add category, type a name, and click Save to create a subcategory.
  7. Repeat the previous steps to create additional top-level categories and subcategories.
  8. Do any of the following to make additional changes to the categories:
    • Click Edit category Edit category, type a different name, and click Save to rename a category or subcategory.
    • Click Delete category Delete category next to a category or subcategory to delete it.
    • Click Reorder Reorder next to a category or subcategory and drag it to a new position in the hierarchy.
  9. Close the Configure member categories window when you are finished setting up categories.

You can now assign the categories you created to members in the organization.

Note:
You can have up to three levels of categories in the hierarchy, with a maximum of 200 categories and subcategories in total. For efficiency, it is recommended that you create a comprehensive and complete category hierarchy and naming scheme before assigning categories to members.

Assign categories to members

Once member categories are configured, those with the privileges to update member information can categorize members in the organization on the Members tab of the organization page. Alternatively, you can assign member categories to one or more members during the add member workflow or configure your organization to automatically assign a set of default member categories to new members who are added to the organization.

Do the following to assign member categories on the Members tab of the organization page:

  1. Confirm that you are signed in to your organization as a member with the privilege to update member information.
  2. At the top of the site, click Organization.
  3. Click the Members tab.
  4. Use the filters, sort options, and search as needed to find one or more members to categorize.
  5. Select one or more members and click Categorize.
  6. Do any of the following:
    • Check the boxes to select categories and subcategories to bulk assign to the selected members.
      Note:

      Selecting a subcategory automatically selects all associated categories and subcategories above it in the hierarchy.

    • Uncheck boxes to remove all selected members from a specific category or subcategory.
      Note:

      When deselecting categories and subcategories, the following occurs:

      • Deselecting a category or subcategory automatically deselects all of its associated subcategories.
      • Deselecting a category or subcategory when no other subcategories are selected at the same level also deselects the associated categories above it and subcategories below it.

    • Click Assign Category on the member card and select one or more categories to categorize an individual member.

      You can assign up to 20 categories to each member. You can also use the Filter categories box to narrow your options.

    • Click the remove button next to the category on a member card to remove a category assignment for an individual member.
  7. Click Done when you are finished assigning categories.

    The members are organized into the categories you specified. Members can view their assigned categories on their settings page. Administrators and members with the privilege to view members can also view a member's assigned categories on the member's settings page and can use the Categories filter on the Members tab to find specific members.

Change user types

User types determine which privileges and apps are available to members. Once assigned, user types can be changed by those with the appropriate privileges.

  1. Verify that you are signed in to your organization and have administrative privileges to change member roles, manage licenses, and update member account information.
  2. At the top of the site, click Organization and click the Members tab.
  3. Search for members by name or username and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
  4. Do one of the following:
    • To change the user type of one member, click the More options button More options for the member and click Manage user type.
    • To change the user type of multiple members at once, check the box next to the name of each member. Above the list of members, click Manage user types.
    Tip:

    You can select up to 100 members at a time. The selected set is maintained while you search and filter all the members in your organization, even across multiple pages. If necessary, click the members selected drop-down menu to review and revise your selection once you've modified your initial search or filter.

  5. In the window that appears, select a user type, select a role (if necessary), and click Save.
    Note:

    The user type can be changed to one with fewer capabilities if the member satisfies the corresponding requirements. For example, you can change a member from Creator to Viewer as long as the following conditions are met:

    • The member does not own content or groups.
    • The member does not have add-on licenses assigned that are incompatible with the new user type.
    • The member does not belong to shared update groups.
    If the above conditions are not met, the administrator must reassign that member's content and groups, revoke the add-on licenses, and remove the member from these groups before changing their user type.

Change member roles

A role defines the set of privileges assigned to a member. Once assigned, roles can be changed by administrators and those with privileges to change member roles. When you assign a role, it must be compatible with the member's assigned user type.

  1. Verify that you are signed in to your organization and that you have privileges to change member roles.
    Note:

    Changing a member's assigned role to or from the default Administrator role requires signing in as a default Administrator role.

  2. At the top of the site, click Organization and click the Members tab.
  3. Search for members by name or username and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
  4. To change the role of one member, click the Role drop-down arrow and choose a new role.
  5. To change the role of multiple members at once, do the following:
    1. Check the box next to the name of each member whose role you want to change.
      Tip:

      You can select up to 100 members at a time. The selected set is maintained while you search and filter all the members in your organization, even across multiple pages. If necessary, click the members selected drop-down menu to review and revise your selection once you've modified your initial search or filter.

    2. Above the list of members, click Manage user types.
    3. In the window that appears, search for the role you want (if needed) and select it.
      Note:

      You only see the roles that are compatible with all the user types assigned to the selected members.

    4. Click Save.

Reset password

Organization members who have privileges to update member account information can reset passwords for members. The system provides a temporary password that you must share with the member so they can sign in. After the member successfully signs in with the temporary password, they are prompted to change their password. If the member is currently signed in when you reset their password, they are immediately signed out.

Note:

You cannot reset passwords for organization-specific (SAML and OpenID Connect) logins.

  1. Verify that you are signed in to your organization and that you have privileges to update member account information.
  2. At the top of the site, click Organization and click the Members tab.
  3. Search for members by name or username and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
  4. Click the More options button More options for the member whose password you want to reset, and click Reset password.
  5. Depending on how your organization is configured, one of the following happens:
    • You are given a password in the Password Reset window and need to inform the member of their new, temporary password.
    • If email settings are configured for your organization, the member is sent an email with their new, temporary password.

When the member signs in using the temporary password, they are immediately prompted to change their password.

Disable multifactor authentication

Administrators can disable multifactor authentication on a member's account. This is a privilege reserved for the administrator role. This option only appears when the organization is configured for multifactor authentication and the member has enabled it through their profile page.

  1. Verify that you are signed in as an administrator of your organization.
  2. At the top of the site, click Organization and click the Members tab.
  3. Search for members by name or username and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
  4. Click the More options button More options for the member for whom you want to disable multifactor authentication, and click Disable multifactor.
  5. The member receives an email notification that multifactor authentication has been disabled on their account.

Disable member accounts

If you are an administrator of your organization or you have the appropriate privileges, you can disable member accounts in your organization.

Disabling a member account prevents the member from consuming organizational resources. This can be useful while you transfer their items to a different member. Members whose accounts have been disabled cannot sign in to the organization, consume organizational resources, create content, or administer the site. They are still members and count toward the number of users in your organization.

If the member owns content or groups, you must transfer their content and groups to a different member when you delete the member account.

You can disable individual member accounts or disable them for a selected set of members (up to 100 at a time).

  1. Verify that you are signed in to your organization and that you have privileges to disable member accounts.
  2. At the top of the site, click Organization and click the Members tab.
  3. Search for members by name or username and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
  4. Check the box next to the name of each member whose account you want to disable. Above the list of members, click the More menu and select Disable member account (or Disable member accounts if multiple members are selected).

    You can only disable member accounts if the selected members have signed in to the organization at least once.

    Tip:

    You can select up to 100 members at a time. The selected set is maintained while you search and filter all the members in your organization, even across multiple pages. If necessary, click the members selected drop-down menu to review and revise your selection once you've modified your initial search or filter.

  5. To enable one or more disabled member accounts, select the member or members, and above the list of members, click the More menu and select Enable member accounts.

Delete member

If you are an administrator of your organization or you have the appropriate privileges, you can delete an individual member when you want to remove the account from your organization. You can also delete members in bulk using a command line utility. Only administrators can delete other administrators.

If the member owns content or groups, you must also transfer their content and groups to a different member when deleting the member. If the member has licenses assigned, the licenses are automatically revoked when you delete the member. For some Esri products, such as ArcGIS Pro or ArcGIS Drone2Map, licenses must be checked in by the user before you can revoke them.

If a member is deleted directly from the identity store, the member is retained in the portal. You must delete the member manually in the portal.

Member accounts that exist in the portal's built-in identity store are permanently deleted and cannot be recovered. Organization-specific accounts (SAML and OpenID Connect) are unregistered from the portal and retained in your identity store. If necessary, you can recover the organization-specific account by adding it back to the portal.

Tip:

To quickly assess which users in your organization are members of the portal, you can use the command line utility ListUsers to generate a text file that lists all the members in the portal. Use this utility to assess which users in your organization can be removed from the portal. The output text file can also be used as input to the DeleteUsers command line utility described below. For full instructions, see Listing members.

  1. Verify that you are signed in to your organization and that you have privileges to delete members.
  2. At the top of the site, click Organization and click the Members tab.
  3. Search for members by name or username and apply filters to narrow the members list. Sort the list as desired, such as by name or last login date.
  4. Ensure that the licenses of add-on apps such as ArcGIS Pro that are assigned to the member have been checked in.

    When you delete the member, these app licenses will be automatically revoked. If they are still checked out, you won't be able to delete the member.

  5. Click the More options button More options for the member you want to remove from the organization and click Delete member.
  6. If the member owns content or groups, do the following to transfer ownership of their items and groups to another member:
    1. Under Transfer groups and content, search for and select the member to whom to transfer ownership.

      The new owner must have privileges to own content and groups.

      Tip:

      You can review the list of items and groups being transferred by clicking the View all button View all.

      When you transfer the ownership of an item shared with one or more groups, the new owner must be a member of all groups with which the item is shared. In addition, the Who can contribute content? setting of each group must allow the new owner to share items with the group. For example, if the item is shared with a group that only allows the group owner or group managers to contribute content, the new owner of the item must be that group's owner or manager.

      Tip:

      Changing layer ownership changes ownership of the file from which the layer was created. When you change the owner of a hosted feature layer, ownership changes for its dependent hosted feature layer views.

      Changing the owner of a layer does not change the owner of the maps and scenes in which the layer is used. Similarly, changing the owner of maps and scenes does not change the ownership of the layers inside them, nor does it change the owner of the apps in which the maps and scenes are used.

    2. Optionally, search for and select or create a folder for the transferred items.
  7. When finished, click Delete member.
    Note:
    Only administrators can delete other administrators.

    The member is deleted from the organization and their groups and content are transferred to the specified member. Any add-on licenses are revoked and available to assign to other members.

Delete members in bulk using a command line utility

Deleting members using the command line utility is appropriate if you need to remove a large number of members at once from your portal. You may do this periodically to keep the total membership count under control. You may also do this if you have recently upgraded your portal and must reduce the number of named users to the maximum allowed by your authorization file. For more information about this scenario, see Enforcement of named user licensing.

You'll use the DeleteUsers command line utility that was installed with the software to remove members from the portal in bulk. The tool is located in the <Portal for ArcGIS installation location>/tools/accountmanagement directory. The tool takes a text file as input and must be run on the machine where the portal is installed.

Note:

The utility can only be executed by a built-in administrator account; you cannot use an organization-specific administrator account. The built-in account you use can be the initial administrator account you set up when you configured the portal or another built-in account that has been assigned the default administrator role. If you deleted the initial administrator account and do not have any other built-in administrator accounts available, you must create one to execute the utility. For instructions, see the Built-in portal accounts section of Add members to your portal.

  1. Create a text file that contains the usernames of members you want to delete from your portal. List each member's username on a separate line. The following is an example:

    sarah
    robert
    james
    qing

    Note:

    You must specify the username of the member. Do not use the full name of the member; the tool will ignore all entries that use the full name of the member. Also note that the usernames you type in the text file must be in the same case as they are stored in the portal. You can run the ListUsers command line utility or review the Members tab on the Organization page in your portal to see the case in which the usernames are stored.

  2. Save the text file.
  3. Run the DeleteUsers command line tool by specifying your text file as the tool's input, for example, ./DeleteUsers.sh --file /data/scripts/memberstodelete.txt.

    Tip:

    Be sure to use the correct case for command line options and file names.