|Issue||User will be using domain_name\username when authenticating to a Windows machine. However, the username in RSA Authentication Manager is defined as username@domain_name.|
As an example,
- A customer has multiple identity sources with different domains and wants to use NTLM-UPN mapping with Authentication Manager 8.x.
- The RSA Authentication Agent for Windows is configured to send the user ID as domain_name\username.
- The real-time monitor shows the user as itservices\jsmith, so the agent is working as expected.
- The user enters itservices\jsmith on the authentication agent on Windows; however Authentication Manager is supposed to convert it to firstname.lastname@example.org, as per the mapping.
- Launch the Operations Console on the primary server.
- Navigate to Deployment Configuration > Identity Source.
- Click on the identity source and choose Edit.
- Click on the Map tab.
- Under Directory Configuration - User Tracking Attributes, next to UserID and Maps to, set the value to userPrincipalName.
- Launch the Security Console and login as a super admin.
- Navigate to Setup > System Settings.
- Under Authentication Settings, click on Agents.
- Scroll to Domain Name Mapping.
- For each identity source, enter the following data:
- In the NTLM Name text box, enter the proper NTLM name.
- In the UPN Name box, enter the UPN name.
- Click Add.
- When done, click Update.
- On the RSA Authentication Agent, launch the RSA Control Center.
- Select Advanced Settings.> Challenge Settings.
- Select the option to users in a group.
- Check the box to Send domain name /username.
- From the Authentication Manager primary, launch the real time authentication activity monitor (Reporting > Reports > Real Time Monitor > Real Time Authentication Activity and press Start Monitor).
- Logon to the Windows machine with the agent installed using user name and passcode and watch the authentication monitor to see the results. You should see a notice a passcode accepted message for the user.