- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-20-2017 10:08 PM
Hi All,
We have a Domain Separated ServiceNow environment. As you know in LDAP integration samAccountName is mapped with the 'user_name' field of ServiceNow.
Due to domain separation we have multiple customer hosted on our ServiceNow. Our challenge is that samAccountName across all this customer are very common and there is a high chance that it will be same.In case of duplicate ServiceNow won't allow the user record to be created due to collaese in ldap transform map.
How can we tackle this situation ? I am looking to use any other unique parameter for example UPN to be mapped with 'user_name'.
Can we authenticate using UPN instead of samAccountName ?
Would like to hear from all of you.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-21-2017 12:53 AM
Thanks berny, my concern was more from authentication point of view.
I have decided to map UPN with username, the authentication seems to work with it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-20-2017 10:40 PM
Data population is not a problem for us. The scenario is like below:
User table is shared in a domain separated ServiceNow instance. Customer A & B both have a user with user_name as berny.alv
Again Login page is common on the domain separated platform.
Now how will ServiceNow identify which customer does berny.alv belong to A or B ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-20-2017 10:51 PM
Hi Sachin,
I believe there's various approaches to that.
You can leverage the company field to populate the "company"/"domain" from which the user is coming from. Normally you will have different LDAP definition and import/transform process per users, so it's possible to populate each user record with the respective company it belongs to.
I also have seen other implementations where the user name will have a prefix that relates to the domain of the customer. Again, that's configured at each LDAP import/transform specific for each customer/domain
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-20-2017 10:51 PM
I hope that helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-21-2017 12:53 AM
Thanks berny, my concern was more from authentication point of view.
I have decided to map UPN with username, the authentication seems to work with it.
