RSA SecurID Access synchronizes user attributes from Active Directory to the Cloud Authentication Service and uses these attributes to validate users for authentication. When you add an identity source by clicking Users > Identity Sources, you can enable synchronization for these attributes in either of two places:
- On the Authentication Attributes page, select Synchronize user attributes for additional authentication to synchronize only the attributes listed in the following table.
- If your deployment uses RADIUS or relying parties, on the User Attributes page, you can select Use selected policy attributes with the Cloud Authentication Service. This checkbox enables synchronization of the policy attributes you select on that page to use for identifying the target user population in access policies, and the attributes for authentication listed below.
|Active Directory Attribute for Authentication||Usage|
|Email address/User ID|
|sAMAccountName||User ID for RADIUS and RSA SecurID authentication.|
|distinguishedName||Used internally during device registration.|
|objectGUID||Used internally to identify users during synchronization.|
Note: SMS Tokenocde Phone Number and Voice Tokencode Phone Number are also synchronized if you configure them when you add an identity source.