Active Directory Username Mapping Attribute - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Essential - Premier - Standard

Legacy Authentication Methods

Platform
OnBase
Product
Legacy Authentication Methods
Release
Foundation 23.1
License
Essential
Premier
Standard

The Active Directory Username Mapping Attribute option is for use with Active Directory - Enhanced or LDAP authentication methods.

The Active Directory Username Mapping Attribute option allows administrators to specify which Active Directory attribute to correlate with the user names of the associated OnBase user accounts. OnBase uses the value of the sAMAccountName attribute by default, but any attribute that contains the user name values of the corresponding OnBase accounts can be used.

CAUTION:

The value of the Active Directory attribute configured as the Active Directory Username Mapping Attribute must be unique across all Active Directory users and must be populated for all Active Directory users. If an attribute with a non-unique value is used it is possible that multiple Active Directory users will be mapped to a single user account in OnBase.

For example, if user John Smith logs in to Windows as jsmith001, then the value of the sAMAccountName attribute is jsmith001. However, his user name in OnBase is JSMITH, which corresponds to the value of the displayName attribute in Active Directory. So in order for the jsmith001 Active Directory account to be successfully mapped to the JSMITH OnBase user account, the Active Directory Username Mapping Attribute must be set to displayName, not sAMAccountName.

Note:

The Active Directory Username Mapping Attribute value does not affect how users log in using interactive mode (enabled by the Interactive User Authentication options). For interactive mode logins, the user must always log in using their network/domain account name, which is the value of the sAMAccountName attribute. After the user is authenticated in the domain, OnBase uses the Active Directory Username Mapping Attribute to determine the user name in OnBase.