Symantec vip access review
11/1/2022

We were able to find some information on how to extract the attributes and use traffic policies; however, we are not very sure how to use those. LDAP policies are currently configured to use samaccountname. Is there a way we can extract the mail attribute for the users during the first authentication, which is LDAP, and once it is successful, have NetScaler send the mail attribute to Azure using NPS as RADIUS only? The 2FA works well if the samaccountname matches the mail attribute of the user and it matches the one in Azure as well. Since NPS received samaccountname from NetScaler and not the mail attribute, Azure errors out stating the user name does not exist or is not found.

Multi-factor authentication (MFA) software helps organizations to improve their overall level of security by requiring each user to prove their identity before they can access sensitive information, accounts and applications.

When a user provides samaccountname as primary LDAP authentication, NetScaler verifies it and passes on the same user details to the NPS server, which in turn communicates with Azure. The samaccountname does not match the mail attribute synced to Azure. The scenario we have currently is for the users who have samaccountname as "test" and mail attribute synced to Azure as test.n i.e.

This resolves my half of the problem. I tested the 2nd factor using NPS and it is working fine only for the user whose samaccountname matches the mail attribute which is synced to Azure AD.