cancel
Showing results for 
Search instead for 
Did you mean: 

Add UPN to existing policy

The-messenger
Cirrostratus
Cirrostratus

I have an existing access policy - login page ---- ad auth --- sso. I need to add userprincipalname as a username option.

 

Do I add ad query before ad auth or add a branch rule to the login page?

 

1 ACCEPTED SOLUTION

The-messenger
Cirrostratus
Cirrostratus

 

As @Stanislas_Piro2 has pointed out in several threads...

- Add LDAP/AD query to get samAccountName
- Added a Variable Assign session.logon.last.username = expr { "[mcget {session.ldap.last.attr.sAMAccountName}]" }
(I've never been able to get SSO-Credential Mapping to change the username to sAMAccountName)

From here APM will work with the samAccountName,  just do AD Auth whatever else you need.

Then I need to change the username back to UPN for the application.

 
 
 
 
 

View solution in original post

1 REPLY 1

The-messenger
Cirrostratus
Cirrostratus

 

As @Stanislas_Piro2 has pointed out in several threads...

- Add LDAP/AD query to get samAccountName
- Added a Variable Assign session.logon.last.username = expr { "[mcget {session.ldap.last.attr.sAMAccountName}]" }
(I've never been able to get SSO-Credential Mapping to change the username to sAMAccountName)

From here APM will work with the samAccountName,  just do AD Auth whatever else you need.

Then I need to change the username back to UPN for the application.