|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: RSA Authentication Agent for Windows
RSA Version/Condition: 7.1
|Resolution||The RSA Authentication Agent for Windows can accept logins from users in the formats of username, username@domain and domain\username. However, by default, it will remove the domain name, and send just the username to the Authentication Manager server. The agent has a checkbox labeled Send the domain name and user name to RSA Authentication Manager instead of just the user name. If this is checked, it will send a request in a format similar to domain\username.|
However, it can do some normalization of the request. With the RSA Authentication Agent 7.2.1 for Windows:
|Notes||The RSA Authentication Manager server can be configured to use email addresses to identify users in an identity source, instead of using the default samAccountName. This would require an authentication request to be send in the form of user@domain, but the agent does not send in that format.|
Authentication Manager can be configured to map a NTLM name (DOMAIN\username) to a UPN (user@domain) with NTLM mappings, to allow resolving the username. See the article on how to authenticate to an RSA Authentication Agent for Windows as firstname.lastname@example.org with NTLM to UPN name mapping for more information on NTLM to UPN name mapping.
|Legacy Article ID||a63354|