Could anyone tell me if it's possible to use the e-mail attribute in an Active Directory account as the login user ID?
I do not want to use the username of the AD account because I want to use the user's e-mail as much as possible. This would make it a lot easier for resources and SSO.
If possible, what is the best way to proceed?
Off the top of my head I would look at using LDAP instead of AD. You could then map the sign in attribute to the email address instead of the standard user name.
Hope that helps,
Muttbarker is correct, you can only pull that kind of information using the LDAP interface. Generally I prefer to use the LDAP interface as the information tends to be richer and the whole process tends to be faster, although it does need more work to set up in the first instance.
The other thing to remember is that you'll need to delete and re-create any role-mapping rules that use AD groups as the AD/LDAP formats are different.
So what I need to do is create a new LDAP authentication server and, in Finding user entries, put mail=<USER> in the Filter field?
Or is there more to it than just this?
You are 100% correct - that will do just fine for authentication purposes. Place that in the Filter section of the Finding user entries component of your Auth Server setup.
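An added illustration (not part of the original thread, and not the appliance's own code) of what a mail=<USER> lookup has to handle: the typed value is escaped per RFC 4515 before it replaces <USER>, and the login resolves only when exactly one entry carries that mail value. The directory entries and function names are constructed for the example.

```python
import re

FILTER_TEMPLATE = "mail=<USER>"  # the Filter value discussed in the thread

# Constructed sample directory (hypothetical accounts, not from the thread).
# Two accounts share one address, which makes that login ambiguous.
DIRECTORY = [
    {"dn": "CN=Alice Example,OU=Staff,DC=example,DC=test", "mail": "alice@example.test"},
    {"dn": "CN=Bob Example,OU=Staff,DC=example,DC=test", "mail": "bob@example.test"},
    {"dn": "CN=Bob Admin,OU=Admins,DC=example,DC=test", "mail": "bob@example.test"},
]

# Characters RFC 4515 reserves inside a filter value, and their escapes.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    # Per-character mapping, so an escaped backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(login, escape=True):
    # Substitute the typed login name for <USER> in the template.
    value = escape_filter_value(login) if escape else login
    return "(" + FILTER_TEMPLATE.replace("<USER>", value) + ")"

def search(ldap_filter):
    # Minimal evaluator for a single (attr=value) filter: an unescaped * is a
    # wildcard, a backslash plus two hex digits is a literal character, and
    # matching ignores case, as the mail attribute's matching rule does.
    attr, _, value = ldap_filter[1:-1].partition("=")
    parts = []
    for piece in value.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), piece)
        parts.append(re.escape(literal))
    pattern = re.compile(".*".join(parts), re.IGNORECASE)
    return [e["dn"] for e in DIRECTORY if pattern.fullmatch(e.get(attr, ""))]

def resolve_login(login):
    # Return the DN to bind as, or None unless exactly one entry matches.
    matches = search(build_filter(login))
    return matches[0] if len(matches) == 1 else None

if __name__ == "__main__":
    for name in ("Alice@Example.Test", "bob@example.test", "*"):
        print(name, "->", build_filter(name), "->", resolve_login(name))
```

Before switching the sign-in attribute, it is worth confirming that every mail value in the directory belongs to exactly one account, since a duplicate leaves that address unable to resolve to a single user.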
Thanks for the reply, I will try and test it as soon as possible.
Another question I have is regarding the password.
When linked to an LDAP server as the authentication server, how does it work when the password is about to expire?
For example, we need to change our password every 60 days, and we get a warning 15 days before. Will I get this warning on the IVE?