By default, the toolbar and the logout pop-up of the Self-Service Site display both the display name and the AD LDS domain name where the user is logged in (in the <User Display Name> (<AD LDS domain>) format). For example:
Sam Smith (ADLDS-domain)
If the security policies of your organization require hiding personally identifiable information (PII) on the user interface, you can configure Password Manager for AD LDS to truncate PII on the Self-Service Site, for example as:
S** S**** (ADLDS-domain)
To hide PII on the Self-Service Site for the logged-in users
-
In the Password Manager Administration Site, navigate to General Settings > Search and Logon Options.
-
Scroll down to Security Settings.
-
Enable Do not show personally identifiable information (PII) for the logged in user.
Once you are ready, logging in next time to the Self-Service Site with any user will display truncated PII for the logged-in user.
NOTE: The amount of user information truncated by the Do not show personally identifiable information (PII) for the logged in user setting is affected by the configured user account search options described in Configuring Search Options for the Self-Service Site
-
Truncating PII with the Do not allow users to search for their accounts option also selected will truncate the entire expanded PII. For example, setting the Users must enter the following user account attribute... > Self-Service Site sub-setting to mail will result in both the user display name and their email address being truncated. For example, Sam Smith (sam.smith@example.com) will be truncated as:
S** S**** (s********************)
-
Truncating PII with the Allow users to search for their accounts option also selected will truncate only the user name of the logged-in user, but not the name of the AD LDS instance they are connected to. For example:
S** S**** (adlds-instance)