Active Directory Attributes Synchronized for Authentication

Document created by RSA Information Design and Development on Jul 14, 2016Last modified by RSA Information Design and Development on Sep 15, 2017
Version 17Show Document
  • View in full screen mode
 

RSA SecurID Access synchronizes six user attributes from Active Directory to the Cloud Authentication Service and uses these attributes to validate users for authentication. When you add an identity source by clicking Users > Identity Sources, you can enable synchronization for these attributes in either of two places:

  • If your deployment uses RADIUS or the SSO Agent in RSA SecurID Access, on the Authentication Attributes page, you can select Synchronize user attributes for additional authentication to synchronize only the six attributes listed in the following table.
  • If your deployment uses RADIUS or a relying party, on the User Attributes page, you can select Use selected policy attributes with the Cloud Authentication Service. This checkbox enables synchronization of the six attributes for authentication listed below and the policy attributes you select on that page to use for identifying the target user population in access policies.
 
                                    
Active Directory Attribute for Authentication Usage
givenName First name
sn Last name
mail Email address/User ID
sAMAccountName User ID for RADIUS and RSA SecurID authentication.
distinguishedName Used internally during device registration.
objectGUID Used internally to identify users during synchronization.

 

 

You are here
Table of Contents > Identity Sources > Active Directory Attributes Synchronized for Authentication
1 person found this helpful

Attachments

    Outcomes