Active Directory Attributes Synchronized for Authentication

Document created by RSA Information Design and Development on Jul 14, 2016. Last modified by RSA Information Design and Development on Feb 9, 2018.
Version 21

RSA SecurID Access synchronizes user attributes from Active Directory to the Cloud Authentication Service and uses these attributes to validate users for authentication. When you add an identity source by clicking Users > Identity Sources, you can enable synchronization for these attributes in either of two places:

  • On the Authentication Attributes page, select Synchronize user attributes for additional authentication to synchronize only the attributes listed in the following table.
  • If your deployment uses RADIUS or relying parties, on the User Attributes page, you can select Use selected policy attributes with the Cloud Authentication Service. This checkbox synchronizes the policy attributes you select on that page, which are used to identify the target user population in access policies, as well as the attributes for authentication listed below.

| Active Directory Attribute for Authentication | Usage |
|---|---|
| givenName | First name |
| sn | Last name |
| mail | Email address/User ID |
| sAMAccountName | User ID for RADIUS and RSA SecurID authentication. |
| distinguishedName | Used internally during device registration. |
| objectGUID | Used internally to identify users during synchronization. |

Note: SMS Tokencode Phone Number and Voice Tokencode Phone Number are also synchronized if you configure them when you add an identity source.


