SecurID® Discussions

JoseLuisMartinM
Occasional Contributor

Username options for the My Page MFA enrollment page

Hi all.

When we configured the Cloud Authentication Service for our company, the My Page enrollment page got the email address registered in the AD as the way to authenticate in the page.

Now we would like to change that to another field, specifically the username. So, if we have a John Doe with user name "jdoe" and email "john.doe@company.com", we would like to use jdoe in My Page instead of john.doe@company.com

But I haven't been able to find where to change this (or even if it's possible).

Thanks

Accepted Solutions
LenoreTumey
Respected Contributor

My Page expects to use the email address as the user identifier, but you can configure a SAML IdP (such as the SSO Agent on the IDR, or a different SSO provider) to allow the user to sign in with a username in a different format, and to then send My Page (the SAML SP) a NameID that contains the user's email address.

For example, if you're using the SSO Agent to do this, you would:

  • Ensure that your Identity Source has 'sAMAccountName' as the User Tag (so users can sign into the SSO Agent's login page using their short username)
  • Configure a SAML application (SSO agent is the IdP, My Page is the SP), and send the 'mail' attribute as the NameID
  • Configure My Page to use a Cloud Identity Provider (instead of password) for primary login, and point it to the SSO Agent's IdP URL

Once you do this, then users who navigate to My Page would be automatically redirected to the configured IdP so they could sign in (with their short username), and then they'd land at My Page.  You can still apply a policy for additional authentication if desired.
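
A way to confirm that the second step took effect, added here as an example that is not part of the original reply or of the product's own tooling: the script reads a decoded SAML assertion and reports when the NameID is not the user's email address. The sample assertions are constructed, and the presence of a `mail` attribute in the assertion is an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def nameid_problems(assertion_xml):
    """List reasons the Subject NameID would not match an email-keyed SP.

    Diagnostic only: it does not verify the signature, so run it on an
    assertion captured from your own test login, not on untrusted input.
    """
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    value = (node.text or "").strip() if node is not None else ""
    if not value:
        return ["no Subject NameID in assertion"]
    problems = []
    if not EMAIL_RE.match(value):
        problems.append(f"NameID {value!r} is not an email address")
    # Assumption: the IdP also releases the directory 'mail' attribute.
    mail = root.find(".//saml:Attribute[@Name='mail']/saml:AttributeValue", NS)
    if mail is not None and (mail.text or "").strip().lower() != value.lower():
        problems.append(f"NameID {value!r} differs from mail attribute {mail.text!r}")
    return problems


def _assertion(name_id, mail):
    # Constructed, unsigned sample using the names from the question above.
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>{mail}</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


GOOD = _assertion("john.doe@company.com", "john.doe@company.com")
BAD = _assertion("jdoe", "john.doe@company.com")  # sAMAccountName sent by mistake

if __name__ == "__main__":
    for label, xml in (("mail as NameID", GOOD), ("sAMAccountName as NameID", BAD)):
        print(label, "->", nameid_problems(xml) or "OK")
```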

Hi, Lenore!

Thanks a lot for your answer. I'm trying to follow your steps, but it's my first time configuring an application. About the second point, the NameID... should it be something like this?

[Image: pastedImage_2.png]

thanks

Answering myself: we got it working already. Thanks so much!!