Mapping login name to UPN name in RSA Authentication Manager 8.x
Originally Published: 2014-01-29
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
As an example,
- A customer has multiple identity sources with different domains and wants to use NTLM-UPN mapping with Authentication Manager 8.x.
- The RSA Authentication Agent for Windows is configured to send the user ID as domain_name\username.
- The real-time monitor shows the user as itservices\jsmith, so the agent is working as expected.
- The user enters itservices\jsmith on the authentication agent on Windows; however, Authentication Manager is supposed to convert it to jsmith@itservices.local, as per the mapping.
Resolution
- Launch the Operations Console on the primary server.
- Navigate to Deployment Configuration > Identity Source.
- Click on the identity source and choose Edit.
- Click on the Map tab.
- Under Directory Configuration - User Tracking Attributes, next to UserID and Maps to, set the value to userPrincipalName.
- Launch the Security Console and log in as a super admin.
- Navigate to Setup > System Settings.
- Under Authentication Settings, click on Agents.
- Scroll to Domain Name Mapping.
- For each identity source, enter the following data:
  - In the NTLM Name text box, enter the proper NTLM name.
  - In the UPN Name box, enter the UPN name.
  - Click Add.
- When done, click Update.
For example,

| NTLM Name | UPN Name |
|---|---|
| domain1 | |
| domain2 | |
| internaldb | |

- On the RSA Authentication Agent, launch the RSA Control Center.
- Select Advanced Settings > Challenge Settings.
- Select the option to users in a group.
- Check the box to Send domain name /username.
- From the Authentication Manager primary, launch the real time authentication activity monitor (Reporting > Reports > Real Time Monitor > Real Time Authentication Activity and press Start Monitor).
- Log on to the Windows machine with the agent installed using user name and passcode and watch the authentication monitor to see the results. You should see a passcode accepted message for the user.
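
Because User ID now maps to userPrincipalName, a login only resolves when the mapped name equals the account's UPN in the directory. The following is an added example (not RSA code and not part of the original article) that models the conversion as shown above, itservices\jsmith to jsmith@itservices.local, and audits a directory export for accounts that would not match. Assumptions: the `corp` and `lab` domains, the sample accounts, the pass-through of names already containing `@`, and case-insensitive comparison are all constructed for illustration.

```python
"""Added example: predict the UPN that NTLM-to-UPN domain mapping yields."""

# Constructed mapping table (NTLM Name -> UPN Name). "itservices" is the
# article's example; "corp" is a made-up second identity source.
DOMAIN_MAP = {"itservices": "itservices.local", "corp": "corp.example.com"}


def to_upn(login, domain_map):
    """Return (upn, None) or (None, reason) for an agent-supplied login."""
    if "@" in login:  # assumption: a name already in UPN form is passed through
        return login, None
    if "\\" not in login:
        return None, "no domain prefix sent by agent"
    domain, _, user = login.partition("\\")
    if not domain or not user:
        return None, "empty domain or user name"
    # Assumption: NTLM names are matched case-insensitively.
    table = {k.lower(): v for k, v in domain_map.items()}
    suffix = table.get(domain.lower())
    if suffix is None:
        return None, f"no mapping for NTLM name '{domain}'"
    return f"{user}@{suffix}", None


def audit(users, domain_map):
    """users: (ntlm_login, userPrincipalName) pairs exported from the directory.

    Returns the accounts whose mapped login would not equal the
    userPrincipalName attribute that User ID is mapped to.
    """
    problems = []
    for login, directory_upn in users:
        upn, reason = to_upn(login, domain_map)
        if upn is None:
            problems.append((login, reason))
        elif upn.lower() != directory_upn.lower():
            problems.append((login, f"maps to {upn}, directory has {directory_upn}"))
    return problems


# Constructed sample accounts.
SAMPLE_USERS = [
    ("itservices\\jsmith", "jsmith@itservices.local"),
    ("ITSERVICES\\adoe", "adoe@itservices.local"),
    ("corp\\bwong", "bwong@corp.example.net"),  # alternate UPN suffix
    ("lab\\cdiaz", "cdiaz@lab.local"),          # NTLM name missing from table
]

if __name__ == "__main__":
    for login, why in audit(SAMPLE_USERS, DOMAIN_MAP):
        print(f"{login}: {why}")
```

Accounts the audit reports are the ones to check in the Real Time Authentication Activity monitor after the mapping is saved.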