000030472 - Important information regarding configuring Microsoft Active Directory Authentication in Security Analytics 10.4.1

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000030472
Applies To: Security Analytics 10.4.1
Issue: When using the Microsoft attribute UPN for Security Analytics 10.4.1 authentication, it is important to note when the user's full UPN is required and when it is not.
Resolution:
Scenario 1 (domain name matches the AD server hostname):
- If the suffix (domain.com) in the user's UPN (username@domain.com) matches the AD domain name as indicated in the screenshot below, the user can authenticate with their username only:

User-added image

Scenario 2 (domain name DOES NOT match the AD server hostname):
- If the "domain.com" suffix in the user's UPN does not match the AD domain as indicated in the screenshot below, then the user's full UPN must be used for authentication (i.e., username@domain.com):

User-added image
Notes
For the two scenarios explained above, note:
1. This solution applies to Security Analytics and higher only, as using UPN or samAccountName was not an option prior to SA 10.4.1X.
2. UPN vs samAccountName is used as the "Search Filter" in the Security Analytics AD settings.
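
To see in advance which accounts fall under each scenario, the following script compares every enabled user's UPN suffix with the domain name entered in Security Analytics. It is an added example, not part of the original RSA article or an RSA tool; it assumes the RSAT ActiveDirectory module is available, and the `$ConfiguredDomain` parameter is a hypothetical name for the domain value shown in your Security Analytics AD settings.

```powershell
# Added example (not from the RSA article): classify AD users by the
# login form the two scenarios above call for.
param(
    # Assumption: the AD domain name exactly as configured in Security Analytics.
    [Parameter(Mandatory)][string]$ConfiguredDomain
)

Import-Module ActiveDirectory

Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    ForEach-Object {
        $upn = $_.UserPrincipalName

        # The UPN suffix is everything after the last '@'.
        $suffix = if ($upn -and $upn.Contains('@')) { $upn.Split('@')[-1] } else { $null }

        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            UserPrincipalName = $upn
            LoginForm         = if (-not $suffix) {
                                    # Not covered by either scenario in the article.
                                    'no UPN set'
                                } elseif ($suffix -ieq $ConfiguredDomain) {
                                    'username only (Scenario 1)'
                                } else {
                                    'full UPN (Scenario 2)'
                                }
        }
    } |
    Sort-Object LoginForm, SamAccountName |
    Format-Table -AutoSize
```

Accounts reported as Scenario 2 are the ones to notify that a username-only login will not work.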