LDAPv3 Directory Server Attributes Synchronized for Authentication

Document created by RSA Information Design and Development on Jul 14, 2016. Last modified by RSA Information Design and Development on Sep 15, 2017.

RSA SecurID Access synchronizes six user attributes from your LDAPv3 directory server to the Cloud Authentication Service and uses these attributes to validate users for authentication. When you add an identity source by clicking Users > Identity Sources, you can enable synchronization for these attributes in either of two places:

  • If your deployment uses the SSO Agent in RSA SecurID Access, on the Additional Authentication page, you can select Synchronize user attributes for additional authentication to synchronize only the six attributes listed in the following table.
  • If your deployment uses a relying party, on the User Attributes page, you can select Use selected policy attributes with the Cloud Authentication Service. This checkbox enables synchronization of both the authentication attributes listed below and the policy attributes you select on that page to use for identifying the target user population in access policies.

When you add an identity source, you must also map each of these user attributes to its corresponding attribute in your LDAPv3 directory server.

The four right-hand columns give an example attribute name in each LDAP directory server.

| RSA SecurID Access Attribute Name | Attribute Value | Oracle Directory Server | Apache Directory Server | OpenDJ | OpenLDAP |
|---|---|---|---|---|---|
| First Name | User's first name. | givenName | givenName | givenName | givenName |
| Last Name | User's last name. | sn | sn | sn | sn |
| Email Address | User's email address. Note: This attribute must be named mail and must be in the LDAP directory's inetOrgPerson objectClass. | mail | mail | mail | mail |
| SecurID Username | User's SecurID username. Typically, this is a short username, such as jdoe. If your deployment does not include RSA Authentication Manager, set this attribute to the same value as the Primary Unique Identifier. | uid | uid | uid | uid |
| Primary Unique Identifier | A unique identifying value (DN) for the user. | entryDN | entryDN | entryDN | entrydn |
| Secondary Unique Identifier | A unique and stable identifier for the user. The value of the Secondary Unique Identifier must not change, even if the user's name, email address, or DN changes over time. | nsUniqueId | entryUUID | entryUUID | nsUniqueId |
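As an added example (not RSA's code), a pre-synchronization check written in Python: it takes the OpenDJ mapping from the table and runs it over constructed sample entries (an assumption, not data from a live directory), reporting entries that lack a mapped attribute, are not inetOrgPerson, or share a Secondary Unique Identifier value, and flagging a mapping whose SecurID Username differs from the Primary Unique Identifier when Authentication Manager is absent.

```python
from collections import Counter
# Mapping for OpenDJ, copied from the table above; the other three directory
# types differ only in the Secondary Unique Identifier column.
OPENDJ_MAPPING = {
    "First Name": "givenName",
    "Last Name": "sn",
    "Email Address": "mail",
    "SecurID Username": "uid",
    "Primary Unique Identifier": "entryDN",
    "Secondary Unique Identifier": "entryUUID",
}

# Constructed sample entries (assumption, not from a live directory): the second
# entry has no mail attribute and the third reuses the first entry's entryUUID.
SAMPLE_ENTRIES = [
    {"entryDN": "uid=jdoe,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "givenName": "Jane", "sn": "Doe", "mail": "jdoe@example.com", "uid": "jdoe",
     "entryUUID": "11111111-1111-1111-1111-111111111111"},
    {"entryDN": "uid=asmith,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "givenName": "Al", "sn": "Smith", "uid": "asmith",
     "entryUUID": "22222222-2222-2222-2222-222222222222"},
    {"entryDN": "uid=bkim,ou=people,dc=example,dc=com", "objectClass": ["inetOrgPerson"],
     "givenName": "Bo", "sn": "Kim", "mail": "bkim@example.com", "uid": "bkim",
     "entryUUID": "11111111-1111-1111-1111-111111111111"},
]


def check_entries(entries, mapping, has_authentication_manager=True):
    """Return (dn, problem) pairs; an empty list means the set would synchronize cleanly."""
    problems = []
    if mapping["Email Address"] != "mail":
        problems.append(("<mapping>", "Email Address must be mapped to the mail attribute"))
    # Without RSA Authentication Manager, SecurID Username must carry the same
    # value as the Primary Unique Identifier, i.e. be mapped to the same attribute.
    if not has_authentication_manager and mapping["SecurID Username"] != mapping["Primary Unique Identifier"]:
        problems.append(("<mapping>", "SecurID Username must match Primary Unique Identifier"))
    secondary = mapping["Secondary Unique Identifier"]
    seen = Counter(e.get(secondary) for e in entries if e.get(secondary))
    for e in entries:
        dn = e.get("entryDN", "<no DN>")
        if "inetOrgPerson" not in e.get("objectClass", []):  # mail lives in inetOrgPerson
            problems.append((dn, "entry is not an inetOrgPerson"))
        for name, attr in mapping.items():
            if not e.get(attr):
                problems.append((dn, f"missing {attr} ({name})"))
        if seen[e.get(secondary)] > 1:  # the stable identifier must also be unique
            problems.append((dn, f"{secondary} value is shared with another entry"))
    return problems


if __name__ == "__main__":
    for dn, problem in check_entries(SAMPLE_ENTRIES, OPENDJ_MAPPING):
        print(f"{dn}: {problem}")
```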