The User Logon Name rule is used to define how the cn, userPrincipalName and sAMAccountName LDAP attributes will be defined during user provisioning.
This rule allows you to specify multiple naming formats to use for scenarios where the user's logon name may already be in use by another user. Remember that each user logon must be unique, so be sure to provide additional naming formats to avoid a conflict and failure point.
If required, you can use different formats for sAMAccountName and cn (Common Name) as shown below.
Connect to AD will load default naming formats, which are evaluated from the top down during provisioning. You can change each one of these as required by your security policies.
Here are some of the default naming formats:
Person.PreferredName + '.' + Person.LastName
This results in john.doe
Person.PreferredName + '.' + Person.LastName
This results in john.doe
Person.PreferredName + '.' + Person.LastName + '1'
This results in john.doe1
Person.PreferredName + '.' + Person.LastName + '2'
This results in john.doe2
Person.PreferredName + '.' + Person.LastName + '3'
This results in john.doe3
Person.PreferredName.SubString(0,1) + '.' + Person.LastName
This results in j.doe
Person.PreferredName + '.' + Person.LastName.SubString(0,1)
This results in john.d
Person.PreferredName + '_' + Person.LastName
This results in john_doe
Person.PreferredName + Person.LastName
This results in johndoe
Employment.EmployeeNumber
This results in 001234
The logon name value that is used during provisioning is available to be used in other mappings via the User.userPrincipalName or User.userPrincipalNamePrefix field.
In the example below the Mail mapping references the User.userPrincipalName field to define the user's mail attribute value.
User.userPrincipalName
In the example below the Mail mapping references the User.userPrincipalNamePrefix field to define the user's mail attribute value.
User.userPrincipalNamePrefix + "@example.com"
User Logon Name Suffix
The User Logon Name Suffix rule is used for the UPN suffix. UPN suffixes form part of Active Directory user logon name.
For example, if your logon name is john.doe@example.com, all the text to the right of the at sign, including the at sign, is known as the UPN suffix (so, in this case, @example.com).
You can use a simple or conditional expression to set the value that should be used.
In this example, the employee's company code is evaluated and the user name suffix is set based on their company code.
Comments
0 comments
Please sign in to leave a comment.