000029392 - How to ignore username's NTLM or "down-level logon name" domain name prefix sent by a radius client or agent in RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Dec 10, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000029392
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Palo Alto / Radius client
ResolutionHere is how to strip or ignore the domain name for the example COGWELLCOGS\userid.
  1. Go to Security Console > Settings > Agent Settings.
  2. In the section Domain Name Mapping, enter the domain name in the NTLM Name (for ex. COGSWELLCOGS).
  3. Enter RSAOMIT in the UPN Name. RSAOMIT is a keyword which will suppress only the NTLM Name specified. If you have more than one DOMAIN to omit, add additional mappings to RSAOMIT.
  4. Click Save to save changes.

COGWELLCOGS\userid will now authenticate as user id userid.