Navigating User Access in My Esri
An Administrator’s Guide to adding and deleting users and everything in between.
Effective user management in My Esri is key to ensuring your staff have the necessary access to do their job while also ensuring the security of your organization by having control over fine-grained user access.
Let’s dive into some of the fundamental tasks for a My Esri Administrator.
Getting Your Users Connected
Authorize User Engines! Just as race cars rev up their engines, you can power up user access and empower users to dive into their tasks!
Bestowing Access to your Users
You have the power! As an Administrator, you can send your users an invitation by email to connect them to your My Esri organization. The Invite Users tool walks you through the process of inviting users to your organization.
* Find the tool on the Home menu at the top of the Users mega menu.
You can then invite a single user or up to 1000 users at one time. Just keep in mind the following caveats.
- Email address validation - Email addresses that fail basic email formatting validation will not be added to the invitation list. Make sure you remove these addresses from the list.
- Adding authorized callers - To add an authorized caller from the Invite Users page, only one user can be invited at a time.
- Re-inviting already connected users - If a user is already connected to your organization and you re-invite them, the choices you make in the following steps will override their existing permissions if they follow the steps in the new invitation received. Luckily, My Esri identifies already-connected users by placing a checkmark in the Active User column.
Once you are satisfied with the invitation list, scroll down the page to select the permissions to grant.
* Pro tip – hover over the blue information circles for a longer description of each permission.
Organize Users with Tags
In addition to the permissions, you can optionally add a tag, to help organize users. For example, you could add a tag to represent the department the user belongs to or if they are a contract worker. This allows you to filter on the tags to quickly provide a snapshot of a specific group of users for future review.
Automatically Disconnect Users on a Future Date
Managing contract workers’ permissions can often cause a significant amount of overhead. Simplify this process in My Esri by designating a time limit for the permissions to be valid for.
Once the time limit expires, it will appear as though they are no longer connected to your organization and will therefore not have access. You have 30 days to either modify the date range or remove it. After the 30-day mark, users with expired permissions are automatically removed from your organization. This is a helpful setting for contract workers that you need to add into your My Esri organization but want them from your organization at the end of their contract.
Will the Invited User be an Authorized Caller?
Will this user require the ability to log a support case? If so, you will need to configure them as an authorized caller. If your organization has support services as part of its maintenance contract, users at your organization will be able to use My Esri to request support cases. The users designated to request cases are called authorized callers. Authorized callers are assigned in My Esri. To make assignment easy, you can assign them when you invite them.
To add an authorized caller from Invite Users, only one user can be invited at a time. Turn on both “View technical support information” and “Take authorized caller actions”. When you turn on the latter, a new part of the form will appear. The options on the form will vary based on your location and your contract and may not exactly match what is shown below. Complete this part of the form for your caller.
Standard Support View:
Premium Support View:
Ready, Set, Send!
Once permissions are set, scroll down the page where you can add a personal message to your invitees, specify what language to send the invitation email in or add a note to appear in the Permissions Log. These notes may be helpful for any other Administrators in the future to determine why specific permissions were provided or why the user profile was created.
Pro Tip – Consider adding a message to your invitation about some items to note when accepting the invitation. Your users should first open ArcGIS Online and ensure that they are logged out of any session here, before opening the link to connect to the organization. If users have multiple ArcGIS Online logins and have that cookie stored/active in their browser, it can cause the incorrect account to be linked to My Esri. By logging out of ArcGIS Online first, it ensures that when they connect their account to the organization in My Esri, they can choose the correct ArcGIS Online account at that time. Alternatively, they can connect to the organization in My Esri in Incognito or Private Browsing mode in their browser.
Now, send those invitations!
Note - Each invitation email will include a unique token, which My Esri uses to identify your invitee. These tokens must be accepted within 6 weeks. Unused tokens and the related invitations that are older than 6 weeks are automatically deleted.
User Didn’t Receive or Deleted the Invitation? No Problem!
Sometimes a user deletes their invitation before accepting its token. Resend the invitation email using Resend Invitation, found under Users > Manage Users.
Save Yourself Time and Have the User Request Access to your Organization
First, the user must create and Esri account, which will be used to access My Esri.
After creating the account, the user can then log into My Esri. To be associated with an organization, have them click the My Organizations tab > Request Permissions.
From here, they can follow the instructions for requesting access to your organization. The request will then be sent to the organization’s administrator (you!) who will assign the correct permissions and link them to the organization.
After this, the user will receive a verification email. It must be accepted within 6 weeks. Once verified, the user will be connected to their organization in My Esri.
Fine Tune Permissions to Only Give Users the Access they Need
If permissions need to be modified after a user is connected to your organization, you can edit their permissions from Users > Manage Users. Click Edit Permissions (the pencil icon) or click the plus sign by their name to begin.
You’ll see the same form you saw on Invite Users, where you can add and remove tags, time limits or specific permissions for each connected user, as well as change their authorized caller status.
You can edit permissions on pending invitations, too. When the user accepts their token, they’ll receive the updated permissions.
Unlike Invite Users, you can decide if the user will get an email or not about their updated permissions. All Administrators connected to your organization will also receive an email about the changed permissions.
Note that the language that the user will receive the email in is controlled by the language setting on their profile.
Sending Users on a One-Way Trip to the Digital Abyss
If a user leaves your organization, disconnect them from your organization using the red trash can on the Users > Manage Users page, otherwise known as the ‘Bye-Bye User’ button.
This removes their permissions to your organization. They will no longer have access to your organization’s information on My Esri.
Final Note on Headless Accounts
We’re not in Sleepy Hollow, so there should be no headless users in your My Esri organization.
It is recommended that a user profile be uniquely created for each person requiring access to My Esri. Below are some reasons behind the recommendation.
- Unique identity allows for easier profile management.
Unique identities allow for each user to be easily identifiable by an Administrator. It also allows profile changes to be made easily, including the disconnection of a user with the organization when necessary.
- Limits the security risk associated with a headless My Esri profile.
When an employee leaves the organization, their unique user profile can be disconnected from your organization in My Esri. However, if an employee who had access to the headless My Esri account leaves the organization, access will persist until the headless account password has been reset. In addition to this, there is more overhead in ensuring that all other employees with access to the headless account have been notified of the password change.
- Prevents technical support case communication being sent to the wrong contact at the organization.
Due to an integration with Esri Canada technical support’s case management system, creating a new case under a headless/shared My Esri account can cause new case emails (and further attempted case communication) to be sent to the incorrect employee at your organization. The email address associated with the My Esri headless user profile at the time of case creation is who will receive case communications. Simply changing the email address in My Esri does not necessarily change the email address associated with this account in Esri Canada’s case management system. Due to this, it is advised to never assign an existing My Esri user profile to a new user at the organization.
Thanks for Coming to my TED Talk
My Esri serves as a robust portal for managing various Esri-related administrative tasks within an organization. From user management to license administration, this platform offers valuable tools and resources. Hopefully the information provided helps guide you in the user administration side and consider some common gotchas when working through these processes.
Need More Help?
Compiled below is a list of resources to help through your administrator journey when it comes to managing users in My Esri. If you need further assistance, feel free to reach out to the Esri Canada Customer Care team.
Additional Resources
My Esri Login – website.
Create and Esri account – website.
My Esri & Technical Support – video for Users working with Technical Support cases, bugs, and enhancements.
How to Administer Users on My Esri – PDF for Admins.