How to ignore username's NTLM or "down-level logon name" domain name prefix sent by a radius client or agent in RSA Authentication Manager 8.x

a year ago

Originally Published: 2015-01-13

Article Number

000066590

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Palo Alto / Radius client

Issue

Security Console - Setup - System, Agents, allows conversion of NTLM names to UPN names.
The UPN Keywork RSAOMIT allows stripping off of NTLM names from in front of a UserID, so you are left with a SamAccountName

Resolution

Here is how to strip or ignore the domain name for the example COGWELLCOGS\userid.

Go to Security Console > Settings > Agent Settings.
In the section Domain Name Mapping, enter the domain name in the NTLM Name (for ex. COGSWELLCOGS).
Enter RSAOMIT in the UPN Name. RSAOMIT is a keyword which will suppress only the NTLM Name specified. If you have more than one DOMAIN to omit, add additional mappings to RSAOMIT.
Click Save to save changes.

COGWELLCOGS\userid will now authenticate as user id userid.
NTLM2UPN_setup

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles