When OnBase is configured to use Active Directory - Enhanced as the Source of Security Information, the Active Directory Security ID (SID) is always used to look up users in OnBase. If a matching SID is found for a user in OnBase, that user is logged in to OnBase. In this case, if a matching SID is found, the Username Mapping Attribute value is not used.
If a matching SID is not found, the Username Mapping Attribute value is used to match an OnBase user name to an Active Directory user. The following logic is employed when looking up users in this way:
-
If a match is found between the OnBase user name and the Username Mapping Attribute value, and the SID is not populated in OnBase for that user, the corresponding SID is populated in OnBase for that user account. Future authentications ignore the Username Mapping Attribute value because the SID is used during user lookup.
-
If a match is found between the OnBase user name and the Username Mapping Attribute value, and a SID is already populated for that user name in OnBase with a SID that does not match the SID of the user currently logging in, then a new user account is created in OnBase for the current user logging in, based on the SID of that user. In this case, the Username Mapping Attribute value is populated as the user name of the new user account in OnBase. Future authentications ignore the Username Mapping Attribute value because the SID is used during user lookup. This allows OnBase to support multiple domains that may have different users with the same user name.
Note:In cases where a new user account is created and the Username Mapping Attribute value matches an existing OnBase user name, a number is appended to the new user name in OnBase(e.g., User, User2, User3, and etc.).
-
If a match is not found between the OnBase user name and the Username Mapping Attribute value, a new user account is created in OnBase based on the SID of the user logging in. In this case, if a new OnBase user account is created, the Username Mapping Attribute value is populated as the user name in OnBase. Future authentications ignore the Username Mapping Attribute value because the SID is used during user lookup.