LDAPv3 User Verification for the Cloud Authentication Service

Document created by RSA Information Design and Development on Aug 18, 2017
Last modified by RSA Information Design and Development on Sep 15, 2017
Version 2

The identity router verifies the user’s identity source account by checking with the directory server. If the account is enabled, the identity router sends the Authenticate Tokencode to Cloud Authentication Service for verification. If your deployment uses an LDAPv3 identity source, RSA SecurID Access checks the following user attributes to determine the user's disabled status.

                       
Attribute                  Setting
ds-pwp-account-disabled    true for disabled accounts.
nsaccountlock              true for disabled accounts.
shadowExpire               0 for disabled accounts.

If your LDAPv3 server does not use these attributes to indicate disabled status, RSA SecurID Access treats all users in the identity source as enabled.
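
To see which accounts in an export would fall into the "treated as enabled" case above, the following added example (not RSA's code and not part of the original page) applies the table to LDIF text. The LDIF entries are constructed, `pwdAccountLockedTime` stands in for a lockout attribute that is not in the table, and case-insensitive matching of names and values is an assumption.

```python
# Added example: models the attribute table on this page; not RSA's implementation.
# Names and disabling values come from the table; case-insensitive matching is assumed.
DISABLED_MARKERS = {"ds-pwp-account-disabled": "true", "nsaccountlock": "true", "shadowexpire": "0"}

# Constructed sample LDIF (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
nsAccountLock: true

dn: uid=bob,ou=people,dc=example,dc=com
shadowExpire: 19000

dn: uid=carol,ou=people,dc=example,dc=com
ds-pwp-account-disabled: TRUE

dn: uid=dave,ou=people,dc=example,dc=com
pwdAccountLockedTime: 000001010000Z
"""


def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into (dn, attrs) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            elif name and not name.startswith("#"):
                attrs.setdefault(name, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries


def classify(attrs):
    """'disabled', 'enabled' (a table attribute is set), or 'enabled-by-default' (none is)."""
    present = [name for name in DISABLED_MARKERS if name in attrs]
    for name in present:
        if any(v.lower() == DISABLED_MARKERS[name] for v in attrs[name]):
            return "disabled"
    return "enabled" if present else "enabled-by-default"


def audit(text):
    """Map each DN in the LDIF text to its classification."""
    return {dn: classify(attrs) for dn, attrs in parse_ldif(text)}
```

Entries reported as `enabled-by-default` carry none of the three attributes, so any disabled state recorded elsewhere in the directory is not reflected in the result.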

 

 
