RSA SecurID Access synchronizes six user attributes from your LDAPv3 directory server to the Cloud Authentication Service and uses these attributes to validate users for authentication. When you add an identity source by clicking Users > Identity Sources, you can enable synchronization for these attributes in either of two places:
- If your deployment uses the SSO Agent in RSA SecurID Access, on the Additional Authentication page, you can select Synchronize user attributes for additional authentication to synchronize only the six attributes listed in the following table.
- If your deployment uses a relying party, on the User Attributes page, you can select Use selected policy attributes with the Cloud Authentication Service. This checkbox enables synchronization of both the authentication attributes listed below and the policy attributes you select on that page to use for identifying the target user population in access policies.
When you add an identity source you must also map each user attribute to its corresponding attribute in your LDAPv3 directory server.
|RSA SecurID Access Attribute Name||Attribute Value||Example Attribute Name in LDAP Directory Server|
|Oracle Directory Server||Apache Directory Server||OpenDJ||OpenLDAP|
|First Name||User's first name.||givenName||givenName||givenName||givenName|
|Last Name||User's last name.||sn||sn||sn||sn|
|Email Address|| |
User's email address.
Note: This attribute must be named mail and must be in the LDAP directory's inetOrgPerson objectClass.
|SecurID Username|| |
User's SecurID username. Typically, this is a short username, such as jdoe.
If your deployment does not include RSA Authentication Manager, set this attribute to the same value as the Primary Unique Identifier.
|Primary Unique Identifier||A unique identifying value (DN) for the user.||entryDN||entryDN||entryDN||entrydn|
|Secondary Unique Identifier||A unique and stable identifier for the user. The value of the Secondary Unique Identifier must not change, even if the user's name, email address, or DN changes over time.||nsUniqueId||entryUUID||entryUUID||nsUniqueId|
Note: SMS Tokenocde Phone Number and Voice Tokencode Phone Number are also synchronized if you configure them when you add an identity source.