|Issue||The user authenticates to a Windows machine as domain_name\username. However, the username in RSA Authentication Manager is defined as username@domain_name.|
As an example, a customer has multiple identity sources with different domains and wants to use NTLM-UPN mapping with Authentication Manager 8.0. The RSA Authentication Agent for Windows is configured to send the user ID as domain\username, and the real-time monitor shows itservices\jsmith, so the agent is working as expected. The user types itservices.local\jsmith on the authentication agent on Windows; however, Authentication Manager is supposed to convert it to email@example.com, as per the mapping.
- Launch the Operations Console on the primary server.
- Navigate to Deployment Configuration > Identity Source.
- Click on the identity source and choose Edit.
- Click on the Map tab.
- Under Directory Configuration - User Tracking Attributes, next to UserID and Maps to, set the value to userPrincipalName.
- Launch the Security Console and log in as a super admin.
- Navigate to Setup > System Settings.
- Under Authentication Settings, click on Agents.
- Scroll to Domain Name Mapping.
- For each identity source, enter the following data:
  - In the NTLM Name text box, enter the proper NTLM name.
  - In the UPN Name box, enter the UPN name.
  - Press Add.
- When done, click Update.
- On the RSA Authentication Agent, launch the RSA Control Center.
- Select Advanced Settings > Challenge Settings.
- Select the option to challenge users in a group.
- Check the box Send domain name/username.
- From the Authentication Manager primary, launch the real time authentication activity monitor (Reporting > Reports > Real Time Monitor > Real Time Authentication Activity and press Start Monitor).
- Log on to the Windows machine that has the agent installed, using the user name and passcode, and watch the authentication monitor to see the results. You should see a passcode accepted message for the user.
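
The effect of the Domain Name Mapping entries above, as an added example (not RSA code): a small model that turns the domain\username an agent sends into the UPN form compared against userPrincipalName, useful for predicting what the real time monitor should show. The mapping values, the function name `to_upn`, and the case-insensitive exact match on the NTLM name are assumptions made for illustration.

```python
# Added illustration: models NTLM-to-UPN domain name mapping to pre-check
# which user ID would be looked up. Not RSA's implementation.

# Constructed mapping table, as entered under Domain Name Mapping
# (NTLM Name -> UPN Name). Values are assumptions for this example.
DOMAIN_MAP = {
    "ITSERVICES": "itservices.local",
    "SALES": "sales.example.com",
}


def to_upn(logon_name, domain_map=DOMAIN_MAP):
    """Return (upn, reason); upn is None when no mapping applies."""
    name = logon_name.strip()
    # Assumption: NTLM names are matched without regard to case.
    table = {k.upper(): v.lower() for k, v in domain_map.items()}

    if "\\" in name:
        domain, _, user = name.partition("\\")
        if not domain or not user or "\\" in user or "@" in user:
            return None, "malformed domain\\username"
        upn_suffix = table.get(domain.upper())
        if upn_suffix is None:
            # Typical cause: the DNS domain was typed instead of the NTLM name.
            if domain.lower() in table.values():
                return None, "DNS domain used where NTLM name is expected"
            return None, "no mapping for NTLM name " + domain
        # Lower-cased only so results compare consistently.
        return user.lower() + "@" + upn_suffix, "mapped"

    if "@" in name:
        user, _, suffix = name.rpartition("@")
        if not user or not suffix:
            return None, "malformed UPN"
        return user.lower() + "@" + suffix.lower(), "already a UPN"

    return None, "no domain supplied"


if __name__ == "__main__":
    # Constructed sample logon names
    for sample in ["itservices\\jsmith", "itservices.local\\jsmith",
                   "jsmith@itservices.local", "LAB\\jsmith", "jsmith"]:
        print(sample, "->", to_upn(sample))
```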