Add Default Security Domain Mappings

Document created by RSA Information Design and Development Employee on Jun 13, 2017Last modified by RSA Information Design and Development Employee on Jan 19, 2021
Version 17Show Document
  • View in full screen mode

Security domain mappings allow you to override the system’s default behavior of adding all users from an LDAP identity source to the top-level security domain. Using security domain mapping, you can configure the system to add users from an LDAP identity source into a specific security domain.

The following table contains examples of mapping from an external identity source to a lower-level security domain, where the hierarchy of the directory is Com > My Company > Sales > Commercial and Com > My Company > Sales > Retail.


Identity Source User Base DN

Security Domain





Before you begin

  • The identity source must be in your administrative scope.

  • You must have the Security Domain Mappings permission.


  1. In the Security Console, click Setup > Identity Sources > Default Security Domain Mapping.

  2. In the Identity Source field, select the identity source where you want to add security domain mappings.

  3. In the Security Domain Mapping section, click Add/Update Mapping.

  4. In the Distinguished Name field, enter the full DN for the object in the identity source that you want to map to a security domain. Specify the DN in standard LDAP Data Interchange Format, for example, ou=commercial,ou=sales.

  5. Enter the top-level organizational unit (OU) after the lower-level OU.

  6. From the Security Domain menu, select the security domain to which users in the DN should be added.

  7. Click Add.

  8. For each security domain you want to map, repeat steps 4 to 6.

  9. Click Save.

After you finish 

To verify that the default mapping produces the desired results, test the mapping. For more information, see Test Default Security Domain Mappings.




You are here
Table of Contents > Identity Sources > Add Default Security Domain Mappings