AnsweredAssumed Answered

samAccountName,userPrincipalName and RADIUS

Question asked by JOHN MILLER on Jul 10, 2019
Latest reply on Jul 29, 2019 by JOHN MILLER


I am trying to figure out an issue I’m having.

I have VPN authentication happening via RADIUS running on AM8 latest version. Users authenticate with AD username.

I deployed an IDR and configured the o365 SAML SSO integration.

Both VPN and RADIUS were working. Users could connect to the VPN with both HW tokens and the Authenticate app OTP.

The only issue was that users were required to sign into the portal using the AD account. This was confusing since they were going to the Office 365 portal first and then being redirected to the IDR and it required the AD username not the UPN.

I changed the “User Tag (SSO Agent Only)” attribute in the IDR Identity source from “samAccountName” to “userPrincipalName”.  This fixed the portal issue (it is now accepting UPN) but broke the VPN.

The error I get in the logs is “Unable to resolve user by login ID and/or alias, or authenticator not assigned to user”


What else do I need to change? I can’t find any documentation on this.