How to authenticate to an RSA Authentication Agent for Windows as email@example.com with NTLM to UPN name mapping
RSA Product Set: SecurID RSA Product/Service Type: RSA Authentication Agent for Windows RSA Version/Condition: 7.x, 8.x
All users are listed as firstname.lastname@example.org, but the RSA administrator cannot make thousands of aliases to support agent login.
Is there any way to have the company.com\name automatically recognized by RSA as email@example.com without making an alias?
All users in the RSA Authentication Manager database are listed as firstname.lastname@example.org. The authentication agent sends either the username only, or company.com/username and no one authenticates.
Authentication activity monitor reports userid or alias not found.
Administrators cannot use aliases.
On the Windows machine hosting the RSA Authentication Agent the Send Domain Name option is checked.
Login to the Security Console on the primary Authentication Manager server.
Select Setup > System Settings.
Under Authentication settings click Agents.
Scroll to the bottom of the page for the section on Domain Name Mapping.
Fill out the NTLM box with company.com and UPN box with company.com.
For long domains such as domain1.domain2.company.com, you may only need to put domain1 in the NTLM box and not domain1.domain2.
Now test authentication with the real time authentication activity monitor open. The Authentication Manager server will translate the incoming authentications at the agent and the user is able to authenticate with the user ID of email@example.com and passcode. The Authentication Manager server receives company.com/name which doesn't actually exist and it automatically translates to firstname.lastname@example.org and authenticates.
If authentications do not work and login failures appear, watch the real-time authentication activity log. It should clearly show the translated names and indicate if there is something missing or added to the name and you can adjust the settings you chose above and try again until it matches your environment.