A logon alias allows users to log on with a user group ID. The user group ID is associated with a user group that has access to a restricted agent or that has been enabled on an unrestricted agent.
For example, users can have a User ID based on their first initial and last name, such as, “kmiller,” as well as an administrative User ID with a specific name, for example “root.” If a logon alias is established, Authentication Manager verifies the authentication using the user’s passcode, regardless of the User ID that the user entered to log on to the operating system. For backward compatibility, a shell value is also maintained by the system.
A logon alias can also be used in deployments where there are users with the same User ID. An alias that further identifies the user may prevent conflicts when these users attempt to authenticate. In the authentication settings for a user, you can also prevent a user from authenticating with the default User ID and instead require that the user authenticate with an alias.
To allow a user to authenticate with a logon alias on a restricted agent, you must grant the user group that is associated with the alias access to the agent. Although all users within a deployment can access an unrestricted agent, a user cannot authenticate with a logon alias until you enable the user group that is associated with the alias on the unrestricted agent.
You can assign logon aliases on the Authentication Settings page in the Security Console. This page is accessed through the user Context menu. For instructions, see Manage User Authentication Settings.