In addition to the common parameters, the Active Directory (AD) backend has the following additional configurable parameters:

  • membership_check (Enable AD group membership check): enables AD-specific non-primary group membership checking.

    NOTE:

    The AD user’s primary group is always checked regardless of this setting.

  • nested_groups (Enable nested groups): enables AD nested group support. See below for details.

Additionally, AD supports case and accent insensitive matching in many of the user and group name attributes. Since One Identity Safeguard for Privileged Sessions (SPS) relies on the server to perform comparisons, case and accent insensitive user and group name support depends solely on the server configuration.

User identification in AD

To determine the user entry for a given plain username, SPS performs a search under user_base_dn for objects having either the sAMAccountName or the userPrincipalName equal to the plain username of the user. The objectClass of the user object is not restricted.

NOTE:

    Although userPrincipalName in AD is an Internet-style name like user@example.com, it matches simple names like user.

Only the user object returned here is used for group membership checks.
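The lookup described above, modelled as an added example (not SPS product code): the filter is built from the plain username with RFC 4515 escaping, and a toy evaluator stands in for the AD server's search under user_base_dn, so the effect of an unescaped wildcard is visible. The sample entries, the case-insensitive comparison and the handling of an ambiguous result are this example's assumptions.

```python
import re
from typing import Optional

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a plain username so the server compares it literally."""
    return "".join(_ESC.get(ch, ch) for ch in value)


def user_lookup_filter(plain_username: str, escape: bool = True) -> str:
    """sAMAccountName OR userPrincipalName equal to the plain username;
    objectClass is deliberately not restricted, as the text states."""
    v = escape_filter_value(plain_username) if escape else plain_username
    return f"(|(sAMAccountName={v})(userPrincipalName={v}))"


def _assertion_matches(attr_value: str, assertion: str) -> bool:
    """Toy server-side evaluation of one `attr=assertion` clause: an
    unescaped '*' is a wildcard, '\\xx' sequences decode to literal chars.
    Case-insensitive comparison is an assumption (AD's usual behaviour);
    the text says this depends solely on the server configuration."""
    literal = [re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), p)
               for p in assertion.split("*")]
    pattern = ".*".join(re.escape(p) for p in literal)
    return re.fullmatch(pattern, attr_value, re.IGNORECASE) is not None


def search_users(entries: list[dict], plain_username: str,
                 escape: bool = True) -> list[dict]:
    """All entries the lookup filter would return from the server."""
    v = escape_filter_value(plain_username) if escape else plain_username
    return [e for e in entries
            if any(_assertion_matches(e.get(a, ""), v)
                   for a in ("sAMAccountName", "userPrincipalName"))]


def find_user(entries: list[dict], plain_username: str) -> Optional[dict]:
    """The single user object later used for group membership checks.
    Returning None on an ambiguous result is this example's choice; the
    text does not say how SPS handles more than one match."""
    hits = search_users(entries, plain_username)
    return hits[0] if len(hits) == 1 else None


# Constructed sample directory entries (not real data).
DIRECTORY = [
    {"dn": "CN=Alice,OU=Users,DC=example,DC=com",
     "sAMAccountName": "alice", "userPrincipalName": "alice@example.com"},
    {"dn": "CN=Bob,OU=Users,DC=example,DC=com",
     "sAMAccountName": "bob", "userPrincipalName": "bob@example.com"},
]
```

With escaping on, a username of `*` matches no entry; with escaping off, the same input becomes a wildcard that returns every user, which is why the value must be escaped before it is placed in the filter.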