|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Active Directory
RSA Version/Condition: 10.4,10.5,10.6,11.x
O/S Version: EL6/EL7
|Issue||User is unable to login to RSA Security Analytics user interface with Active Directory authentication.|
Some users can login to the Security Analytics user interface, whereas some users cannot.
Error messages similar to the following are found in the /var/lib/netwitness/uax/logs/sa.log file:
User cannot login to the Security Analytics user interface with Active Directory authentication.
SA takes the username and concatenates the configured domain in SA and creates login using UPN (user@domain) to authenticate. The problem is that if the domain name configured in Security Analytics is different from the domain name on Active Directory, authentication will fail and you will receive the above error.
For example, the domain on SA is 'na.company.com' and on Active Directory the user logon name is 'firstname.lastname@example.org', the authentication will fail because the domain name does not match.
|Resolution||Change domain name from Security Analytics interface at Admin >System > Security >Settings >Active Directory Configuration to match the correct domain on Active Directory|
|Legacy Article ID||a66225|