When OnBase is configured to use Active Directory - Enhanced as the Source of Security Information, the Active Directory Security ID (SID) is always used to look up users in OnBase. If a matching SID is found for a user in OnBase, that user is logged in to OnBase.
If a matching SID is not found, the Active Directory Username Mapping Attribute value is used to match an OnBase user name to an Active Directory user. The default value of the Username Mapping Attribute is sAMAccountName, which is the Windows UserID attribute.
The following logic is employed when adding users in this way:
-
If a match is found between the OnBase user name and the Username Mapping Attribute value, and the SID is not populated in OnBase for that user, the corresponding SID is populated in OnBase for that user account.
-
If a match is found between the OnBase user name and the Username Mapping Attribute value, and a SID is already populated for that user name in OnBase with a SID that does not match the SID of the user currently logging in, then a new user account is created in OnBase for the current user logging in, based on the SID of that user. In this case, the Username Mapping Attribute value is populated as the user name of the new user account in OnBase. This allows OnBase to support multiple domains that may have different users with the same user name.
Note:In cases where a new user account is created and the Username Mapping Attribute value matches an existing OnBase user name, a number is appended to the new user name in OnBase(e.g., User, User2, User3 and etc.).
-
If a match is not found between the OnBase user name and the Username Mapping Attribute value, a new user account is created in OnBase based on the SID of the user logging in. In this case, if a new OnBase user account is created, the Username Mapping Attribute value is populated as the user name in OnBase.