The RSA Authentication Agent for Windows can accept logins from users in the formats of username, username@domain and domain\username. However, by default, it will remove the domain name, and send just the username to the Authentication Manager server. The agent has a checkbox labeled
Send the domain name and user name to RSA Authentication Manager instead of just the user name. If this is checked, it will send a request in a format similar to domain\username.
However, it can do some normalization of the request. With the RSA Authentication Agent 7.2.1 for Windows:
- domain\username. The agent will case-normalize the domain name to uppercase. It does not try to case-normalize the username. For example, Username@Domain becomes DOMAIN\Username.
- username@domain. The agent case-normalizes the user name to lowercase. It does not try to case-normalize the domain name. An example is Username@Domain becomes Domain\username.
The RSA Authentication Manager server can be configured to use email addresses to identify users in an identity source, instead of using the default samAccountName. This would require an authentication request to be send in the form of user@domain, but the agent does not send in that format.
Authentication Manager can be configured to map a NTLM name (DOMAIN\username) to a UPN (user@domain) with NTLM mappings, to allow resolving the username. See the article on
how to authenticate to an RSA Authentication Agent for Windows as user@domain.com with NTLM to UPN name mapping for more information on NTLM to UPN name mapping.
