- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2017 10:08 PM
Hi All,
We have a Domain Separated ServiceNow environment. As you know in LDAP integration samAccountName is mapped with the 'user_name' field of ServiceNow.
Due to domain separation we have multiple customer hosted on our ServiceNow. Our challenge is that samAccountName across all this customer are very common and there is a high chance that it will be same.In case of duplicate ServiceNow won't allow the user record to be created due to collaese in ldap transform map.
How can we tackle this situation ? I am looking to use any other unique parameter for example UPN to be mapped with 'user_name'.
Can we authenticate using UPN instead of samAccountName ?
Would like to hear from all of you.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-21-2017 12:53 AM
Thanks berny, my concern was more from authentication point of view.
I have decided to map UPN with username, the authentication seems to work with it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2017 10:25 PM
Hi Sachin,
When the samAccountName (user ids) are very common, the best is to leverage the user guid field within the AD. You will need to also create an LDAP guid field within the users table so that way you can keep the match.
For various year I did this in various implementations and it worked like a charm
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2017 10:32 PM
Hi Berny,
What I am not able to understand is which parameter will ServiceNow use for authentication.
1. Does it match 'user_name' of ServiceNow with samAccountName of AD ?
Or can we explicitly define what parameter of ServiceNow should be checked with AD ?
Am I missing something here ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2017 10:39 PM
Hi Sachin,
By default ServiceNow will use the user_name field, but you can modify your import/transform LDAP logic so that the coalesce takes place in 1 or more other fields.
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2017 10:30 PM
The following two threads should also be helpful:
Can someone explain the Object GUID field using LDAP
I hope this helps
Thanks,
Berny
