Can you tell me if QESSO grabs the Active Directory (AD) username when populating the username for applications that are defined as a primary account? If not, can you please explain in detail how it works.
If ESSO is pulling the username from Active Directory for applications that are defined as primary accounts, when a user enters their AD login in upper case it then shows up in SSOWatch as uppercase. The same is true if the user enters their AD user ID in lowercase. It shouldn't matter what the user enters in as their user ID because the username is being pulled from whatever is set in Active Directory.
Can you explain why this is the case?
Setting the application to use 'primary account' type means it uses the authenticated credentials; 'standard' means the user has to enter credentials. SSOWatch will use the information the user entered on login if integrated authentication is used.
For example, if the user logs in and types jsmith, then SSOWatch will use jsmith for an application that uses a primary account. This will be true even if the user ID in AD is uppercase, i.e., JSMITH, or a mixture of upper and lower case, e.g. JSmith.
SSOWatch can convert the entered information. Please refer to the SSOWatch admin guide for steps on how to do this, as well as Solution SOL88637: https://support.quest.com/Search/SolutionDetail.aspx?id=SOL88637.
So in the case that the user enters JSmith, but the application requires lowercase only, SSOWatch can use the AD attribute required and convert it, as applicable.