
Active Directory UPN Login Possible?

brascatmalarky_
Occasional Contributor

Is it possible to log in to the SSL front page using the full Active Directory login? For example, I can only log in as:

firstname.surname

When I would like to be able to log in as:

[email protected]

Currently, if I try to log in using the full UPN login, it is denied.

Any ideas?

Thanks in advance.

7 REPLIES
muttbarker_
Valued Contributor

Re: Active Directory UPN Login Possible?

Sure - you can do this pretty easily if you want to use LDAP instead of AD. Just specify the LDAP attribute of userprincipalname in the user entry piece of the auth server setup. userprincipalname=user.

Should work just fine.

brascatmalarky_
Occasional Contributor

Re: Active Directory UPN Login Possible?

Thanks for the reply,

One quick question (sorry, I'm a bit new to this): I just want to check that I should make that change under Authentication Servers -> LDAP -> Finding User Entries, like in the attached picture.

Thanks again,

muttbarker_
Valued Contributor

Re: Active Directory UPN Login Possible?

Guess I wasn't too clear on that :) Yes - you are correct! This maps the LDAP UPN value to the SA "user" value.

stine_
Super Contributor

Re: Active Directory UPN Login Possible?

Kevin, have you run into problems deleting an AD auth server and re-creating it as an LDAP auth server? I seem to recall that going back and forth like that caused the IVE not to be able to join the domain, and that I had to modify the default IVE computername (under advanced). But I may not be remembering correctly.

Also if you do this, don't you have to re-build all of your role-mapping rules?

muttbarker_
Valued Contributor

Re: Active Directory UPN Login Possible?

Hey Theo - Our SA box is used for both production and then testing of customer environments. So I have about 10 / 12 different auth servers defined at any time. Instead of deleting a server (i.e. as AD and then creating a new LDAP) I have multiple AD with different access users, multiple LDAP with different attributes (username, email, UPN....) and then I just swap them out for testing authentication within my various roles. Same goes for server types - W2K - 2003, 2008....

I can attach to a single domain server with all of these auth definitions with no problems. If I build out a new AD auth server definition for a domain that I am already using then I give it a different computer name. LDAP does not use computer name for attachment.

Also I typically always use LDAP for authorization so role mapping never changes.

Hope that clarifies.

stine_
Super Contributor

Re: Active Directory UPN Login Possible?

Yes it does, thanks.

Mrkool_
Super Contributor

Re: Active Directory UPN Login Possible?

One thing to keep in mind when going from AD to LDAP is that all your users' custom bookmarks they have created are stored in the AD auth server, so if you do this you will lose all those, as currently there is no way to export the user-created bookmarks and import them into another auth server.