LDAP Authentication using UserPrincipalName (UPN)

sach1

Hi All,

We have a Domain Separated ServiceNow environment. As you know, in LDAP integration samAccountName is mapped to the 'user_name' field of ServiceNow.

Due to domain separation we have multiple customers hosted on our ServiceNow. Our challenge is that samAccountName values across all these customers are very common and there is a high chance that they will be the same. In case of a duplicate, ServiceNow won't allow the user record to be created due to the coalesce in the LDAP transform map.

How can we tackle this situation? I am looking to use another unique parameter, for example UPN, to be mapped to 'user_name'.

Can we authenticate using UPN instead of samAccountName?

Would like to hear from all of you.

1 ACCEPTED SOLUTION

Thanks berny, my concern was more from an authentication point of view.

I have decided to map UPN to username; the authentication seems to work with it.



Data population is not a problem for us. The scenario is as below:

The user table is shared in a domain separated ServiceNow instance. Customers A & B both have a user with user_name berny.alv.

Again, the login page is common on the domain separated platform.

Now how will ServiceNow identify which customer berny.alv belongs to, A or B?


Hi Sachin,

I believe there are various approaches to that.

You can leverage the company field to populate the "company"/"domain" from which the user is coming. Normally you will have a different LDAP definition and import/transform process per users, so it's possible to populate each user record with the respective company it belongs to.

I have also seen other implementations where the user name will have a prefix that relates to the domain of the customer. Again, that's configured at each LDAP import/transform specific for each customer/domain.

Thanks,
Berny

I hope that helps.
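An added example, not from the thread and not ServiceNow code: a stand-alone Node.js check that compares the three candidate `user_name` keys discussed here (samAccountName, a customer prefix, UPN) and lists any value that two customers would both produce. The sample rows, the `customer` tag and the lowercase normalization are assumptions; the last two rows are constructed to show that UPNs from separate directories can still coincide when both use the same suffix.

```javascript
// Constructed sample rows, shaped like what two customers' LDAP imports might deliver.
// The `customer` tag is an assumption standing in for the per-customer LDAP definition.
const rows = [
  { customer: "A", sAMAccountName: "berny.alv", userPrincipalName: "Berny.Alv@customer-a.example" },
  { customer: "B", sAMAccountName: "berny.alv", userPrincipalName: "berny.alv@customer-b.example" },
  { customer: "A", sAMAccountName: "j.doe", userPrincipalName: "j.doe@corp.local" },
  { customer: "B", sAMAccountName: "jdoe2", userPrincipalName: "J.Doe@corp.local" },
];

// Candidate ways to derive the value stored in user_name.
// Lowercasing is an assumption so that "J.Doe" and "j.doe" count as the same login.
const strategies = {
  samAccountName: (r) => r.sAMAccountName.trim().toLowerCase(),
  customerPrefix: (r) => `${r.customer.toLowerCase()}.${r.sAMAccountName.trim().toLowerCase()}`,
  upn: (r) => r.userPrincipalName.trim().toLowerCase(),
};

// Return every key that more than one customer would produce under keyFn.
function findCrossCustomerCollisions(records, keyFn) {
  const owners = new Map(); // key -> Set of customers that produce it
  for (const r of records) {
    const key = keyFn(r);
    if (!owners.has(key)) owners.set(key, new Set());
    owners.get(key).add(r.customer);
  }
  return [...owners]
    .filter(([, customers]) => customers.size > 1)
    .map(([key, customers]) => ({ key, customers: [...customers].sort() }));
}

// Run all strategies and collect their collisions by strategy name.
function report(records) {
  const out = {};
  for (const [name, keyFn] of Object.entries(strategies)) {
    out[name] = findCrossCustomerCollisions(records, keyFn);
  }
  return out;
}

console.log(JSON.stringify(report(rows), null, 2));
```

Running the same check against a real export before switching the coalesce field shows whether the chosen key is unique across all customers, not just within one directory.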

