User Logon Name

The User Logon Name rule is used to define how the cn, userPrincipalName and sAMAccountName LDAP attributes will be defined during user provisioning. 

This rule allows you to specify multiple naming formats to use for scenarios where the user's logon name may already be in use by another user. Remember that each user logon must be unique, so be sure to provide additional naming formats to avoid a conflict and failure point.

If required, you can use different formats for sAMAccountName and cn (Common Name) as shown below.

Connect to AD will load default naming formats, which are evaluated from the top down during provisioning. You can change each one of these as required by your security policies.

Here are some of the default naming formats:

Person.PreferredName + '.' + Person.LastName

This results in john.doe

 

Person.PreferredName + '.' + Person.LastName

This results in john.doe

 

Person.PreferredName + '.' + Person.LastName + '1'

This results in john.doe1

 

Person.PreferredName + '.' + Person.LastName + '2'

This results in john.doe2

 

Person.PreferredName + '.' + Person.LastName + '3'

This results in john.doe3

 

Person.PreferredName.SubString(0,1) + '.' + Person.LastName

This results in j.doe

 

Person.PreferredName + '.' + Person.LastName.SubString(0,1)

This results in john.d

 

Person.PreferredName + '_' + Person.LastName

This results in john_doe

 

Person.PreferredName + Person.LastName

This results in johndoe

 

Employment.EmployeeNumber

This results in 001234

 

The logon name value that is used during provisioning is available to be used in other mappings via the User.userPrincipalName or User.userPrincipalNamePrefix field.

 

In the example below the Mail mapping references the User.userPrincipalName field to define the user's mail attribute value. 

User.userPrincipalName

In the example below the Mail mapping references the User.userPrincipalNamePrefix field to define the user's mail attribute value. 

User.userPrincipalNamePrefix + "@example.com"

 

User Logon Name Suffix

The User Logon Name Suffix rule is used for the UPN suffix. UPN suffixes form part of Active Directory user logon name.

For example, if your logon name is john.doe@example.com, all the text to the right of the at sign, including the at sign, is known as the UPN suffix (so, in this case, @example.com).

You can use a simple or conditional expression to set the value that should be used.

In this example, the employee's company code is evaluated and the user name suffix is set based on their company code.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.