Active Directory user name resolution

For the authentication of Active Directory users, there are a few ways to provide user ID and domain details when logging in:

• NT4-style domain qualification in front of the SAM account name, e.g. DOMAIN\userid

  This logon format requires the creation of an alternative domain suffix via Administration Web Interface. For more information about domain suffixes, see Alternative UPN suffixes.

• User principal name (UPN), e.g. userid@domain

• UPN with domain suffix, e.g. userid@alternative.domainsuffix

  This logon format requires the creation of an alternative domain suffix via Administration Web Interface. For more information about domain suffixes, see Alternative UPN suffixes.

If the user account corresponds to a Windows user account, Active Directory user name resolution can be used to support these logon formats. This resolution mechanism is a platform-independent alternative to Windows user name resolution for Active Directory users (see Windows user name resolution). It can be used if OneSpan Authentication Server is installed on a server that is either not a member server of the Windows domain or running a Linux operating system.

UPN and SAM account name will be translated for Active Directory users. The following prerequisites for using this feature apply:

• Active Directory user name resolution is enabled.
• Windows user name resolution is disabled or does not exist.
• The back-end system is Active Directory or Global Catalog.

You can enable Active Directory user name resolution in the back-end server settings via OneSpan Authentication Server Administration Web Interface.