Active Directory user name resolution

For the authentication of Active Directory users, there are a few ways to provide user ID and domain details when logging in:

  • NT4-style domain qualification in front of the SAM account name, e.g. DOMAIN\userid

    This logon format requires the creation of an alternative domain suffix via the Administration Web Interface. For more information about domain suffixes, see Alternative UPN suffixes.

  • User principal name (UPN), e.g. userid@domain
  • UPN with domain suffix, e.g. [email protected]

    This logon format requires the creation of an alternative domain suffix via the Administration Web Interface. For more information about domain suffixes, see Alternative UPN suffixes.

If the user account corresponds to a Windows user account, Active Directory user name resolution can be used to support these logon formats. This resolution mechanism is a platform-independent alternative to Windows user name resolution for Active Directory users (see Windows user name resolution). It can be used if OneSpan Authentication Server is installed on a server that is either not a member server of the Windows domain or running a Linux operating system.

The UPN and SAM account name are translated for Active Directory users. The following prerequisites apply to this feature:

  • Active Directory user name resolution is enabled.
  • Windows user name resolution is disabled or does not exist.
  • The back-end system is Active Directory or Global Catalog.
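
One way a resolver could map the logon formats listed above to an Active Directory or Global Catalog lookup, shown as an added example that is not OneSpan Authentication Server's own code. The function names, the fallback for a bare user ID, and the `objectClass=user` clause are assumptions; `sAMAccountName` and `userPrincipalName` are the standard Active Directory attributes.

```python
# Added example: classify a logon name and build an injection-safe LDAP filter.

# RFC 4515 characters that must be escaped inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def ldap_escape(value: str) -> str:
    """Escape a value for safe use inside an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def parse_logon_name(logon: str) -> dict:
    """Classify a logon string as NT4-style, UPN, or bare SAM account name."""
    logon = logon.strip()
    if not logon:
        raise ValueError("empty logon name")
    if "\\" in logon:
        domain, _, user = logon.partition("\\")
        if not domain or not user or "\\" in user or "@" in logon:
            raise ValueError("malformed NT4-style name")
        return {"format": "nt4", "user": user, "domain": domain}
    if "@" in logon:
        user, _, domain = logon.rpartition("@")
        if not user or not domain:
            raise ValueError("malformed UPN")
        return {"format": "upn", "user": user, "domain": domain}
    # Assumption: a name without a qualifier is treated as a SAM account name.
    return {"format": "sam", "user": logon, "domain": None}


def build_search_filter(logon: str) -> str:
    """Build the LDAP filter a resolver could send to AD or a Global Catalog."""
    parsed = parse_logon_name(logon)
    if parsed["format"] == "upn":
        upn = ldap_escape(f'{parsed["user"]}@{parsed["domain"]}')
        return f"(&(objectClass=user)(userPrincipalName={upn}))"
    # NT4-style and bare names are matched on the SAM account name; the domain
    # part selects the search base, which is deployment-specific and omitted.
    return f"(&(objectClass=user)(sAMAccountName={ldap_escape(parsed['user'])}))"


if __name__ == "__main__":
    # Constructed sample inputs using the formats from the list above.
    for name in ("DOMAIN\\userid", "userid@domain", "userid"):
        print(name, "->", build_search_filter(name))
```

Escaping the user-supplied part before it reaches the filter keeps characters such as `*`, `(` and `)` from altering the directory query.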

For more information about user name resolution in OneSpan Authentication Server, refer to the OneSpan Authentication Server Administrator Guide.