|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 1.0
Platform (Other): null
O/S Version: null
Product Name: RSA-0010010
Product Description: RSA Authentication Manager
Problem: A site's SecurID usernames are in UPN format: for example: firstname.lastname@example.org . To authenticate with a UPN through the AD FS Agent, there are two separate issues to overcome.
That can be easily addressed by enabling the AD FS Agent policy (named “Send Domain”). That policy is set via a GPO template that ships with the ADFS Agent and which is documented in the RSA® Authentication Agent 1.0 for Microsoft® AD FS Group Policy Object Template Guide (“Authentication_Agent100ADFS_gpo_template_guide.pdf”).
That can be addressed by defining an alias (the SAM name) for the SecurID user. (See Security Console Help to set up user aliases).
|Resolution||NOTE: This solution is for RSA AD FS 1.0 Agent. The AD FS 1.0.1 agent will allow a GPO to be set to direct the agent to send the UPN, where the 1.0 agent can only send SAM format.|