The environment consists of a primary domain, Domain-A, and an acquired domain, Domain-B (the domains are not in the same forest but do have a trust).
Domain-A has user accounts for all the users in the acquired Domain-B (same sAMAccountName).
The requirement is to authenticate users from both domains and to use rollout mode for users who do not have tokens yet. In addition, a user who is not a member of Domain-A must be found automatically in Domain-B.
At this time, it is confirmed that 2 proxies cannot run on one DSS.
WORKAROUND
Create DSSs in both domains. In the primary Domain-A, create an Access Node for Domain-A authentication requests. Then create another proxy Access Node for password only (for rollout mode). Defender will not allow the use of a second proxy Access Node to forward Defender users not found in Domain-A to Domain-B. Defender will attempt to authenticate a user to one of the proxies, but not both.
STATUS
This feature may be introduced in a future version of Defender.