RSA SecurID Access synchronizes six user attributes from Active Directory to the Cloud Authentication Service and uses these attributes to validate users for authentication. When you add an identity source by clicking Users > Identity Sources, you can enable synchronization for these attributes in either of two places:
- If your deployment uses RADIUS or the SSO Agent in RSA SecurID Access, on the Authentication Attributes page, you can select Synchronize user attributes for additional authentication to synchronize only the six attributes listed in the following table.
- If your deployment uses RADIUS or a relying party, on the User Attributes page, you can select Use selected policy attributes with the Cloud Authentication Service. This checkbox enables synchronization of the six attributes for authentication listed below and the policy attributes you select on that page to use for identifying the target user population in access policies.
|Active Directory Attribute for Authentication||Usage|
|Email address/User ID|
|sAMAccountName||User ID for RADIUS and RSA SecurID authentication.|
|distinguishedName||Used internally during device registration.|
|objectGUID||Used internally to identify users during synchronization.|