SecurID^® Discussions

JohnMcKellep · ‎2020-06-10

We encountered an issue using the approve/deny assurance level for 2 factor into Office365. We have some users because of an error on the user account creators part, who had a name change and their email name is different then their UPN. They can use the MFA app tokencode fine to log into our VPN, but when they try to log into Office365 using the Approve/Deny it gives them a login failure. We think its because of the difference in their UPN versus email address. Might this be the issue and if so can we map to the UPN instead of the email?

TedBarbour · ‎2020-06-10

John McKellep‌ - please see Directory Server Attributes Synchronized for Authentication regarding use of the Alternate Username attribute.

This can be configured in the Cloud Admin Console under Users > Identity Sources > Edit > 3. Synchronize User Attributes.

Hope that helps,

Ted

View solution in original post

TedBarbour · ‎2020-06-10

John McKellep‌ - please see Directory Server Attributes Synchronized for Authentication regarding use of the Alternate Username attribute.

This can be configured in the Cloud Admin Console under Users > Identity Sources > Edit > 3. Synchronize User Attributes.

Hope that helps,

Ted

SecurID^® Discussions

can we change the settings on the cloud console to mapping the user to UPN instead of email?

Cloud Authentication Service

SecurID® Discussions

can we change the settings on the cloud console to mapping the user to UPN instead of email?

Cloud Authentication Service

SecurID^® Discussions