Skip to content

How can we improve DriveLock?

← DriveLock Customer Forum

SAML Anmeldung mit UPN

Aktuell wird für die SAML-Authentifizierung immer der Identifier des Benutzers verwendet.
Bei AD-Benutzern wird die SID verwendet. Die SID kann jedoch mit dem System als SAML-Response übergeben werden.
Somit ist der SAML Login mit einem AD-User nicht möglich, wenn die Response keine SID enthält.

Die SAML Einstellung sollten die Möglichkeit bieten sich mittels UserPrincipalName anzumelden.

1 vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

BMWGroup shared this idea  ·   ·  Report…  ·  Admin →
declined  ·  AdminAndreas Fuchs (Product Management, DriveLock SE) responded  · 

Thank you for reaching out with your feature request regarding logging in with SAML using the UserPrincipalName (UPN) in DriveLock. After careful consideration, we've decided not to implement this specific request, as it addresses a very niche requirement and there are valid alternative solutions available.


Option 1: You can create an email account using the UPN and specify the UserPrincipalName as a property in the DriveLock SAML configuration. Alternatively, you can map another field to contain an email address. Currently, the UPN is the closest match to an email address.


Option 2: If you wish to use existing AD accounts, you can store the Security Identifier (SID) with the Identity Provider and specify the corresponding property in the DriveLock SAML configuration.


We believe these alternatives will effectively meet your needs. Please feel free to reach out if you have any questions or need further assistance.


Best regards,

DriveLock Team

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

DriveLock Customer Forum: Environment Management

Categories

Feedback and Knowledge Base

(thinking…)