If neither Windows user name resolution (see Windows user name resolution) nor Active Directory user name resolution is used, the following formats are available to verify a user ID and domain:
- Similar format to user principal name (UPN), e.g. user@domain, sam@fqdn
- Separate user ID and domain fields
If the user@domain format is used for the user ID, OneSpan Authentication Server looks for a domain record with the name given after the '@'. If the domain is found, the @domain part is stripped from the user ID before the authentication process continues.
If no domain is found, the user ID will be left as user@domain, and no domain will be identified. In that case, the default domain is used for this logon attempt (see Default domain).
Configuring simple user name resolution
Simple user name resolution does not require additional configuration steps, unless users should be allowed to log on with alternative domain suffixes or their NT4-style user names.
To configure simple user name resolution
Log on to the Administration Web Interface.
Create a new domain with the FQDN as domain name:
- Select ORGANIZATION > Add domain.
- Specify a name for the domain, e.g. example.com.
- Specify the settings for the domain as needed.
Add alternative domain suffixes for the new domain:
- On the Manage domain page, switch to the UPN Suffixes tab and click EDIT.
- Click ADD NEW and add alternative UPN suffixes as needed, e.g.my.examplesuffix.com. If users should be allowed to log on with their NT4-style user name, add the NT4-style domain to the list of alternative UPN suffixes, e.g. EXAMPLE.
- Click SAVE.
Users are now able to log on with the following user name formats:
- userid@example.com
- userid@my.examplesuffix.com
- EXAMPLE\userid