
KB-6187: How to configure or restrict attribute matching for the Centrify cloud connector

Centrify Identity Service, App Edition, Centrify Privilege Service

12 April,16 at 11:01 AM

Applies to: Centrify Identity Service, Centrify Privilege Service
 
 
Question:
 
What Active Directory attributes does Centrify look to match during user login? Is it possible for the user
to log in with their e-mail address or other attribute as stored in AD? If so, which attribute can be used?
 
 
Answer:
 
When a user is authenticated by the Centrify cloud connector, the connector will attempt to match the
following user attributes in the indicated order:
  1. UserPrincipalName
  2. Mail
  3. sAMAccountName

Administrators can configure the cloud connector to look for any combination of the above attributes
when matching a user by adding and configuring the following registry DWORD values:
  • FindUserByUpn
  • FindUserByEmail
  • FindUserBysAMAccountName
 
As an example, administrators could disable user matching by UserPrincipalName by adding the
FindUserByUpn registry entry with a value of "0". If these registry values are not present, the connector
treats each lookup as “enabled” (1) by default.


Add the registry value:
  1. Launch registry editor (regedit) and navigate to HKLM\Software\Centrify\Cloud\
  2. Create a new DWORD (32-bit) value with the name of one of the above registry values, for example: FindUserByUpn
  3. Set the value to “0” to disable the lookup or to “1” to enable it. The value will display in regedit as 0x00 (0) or 0x01 (1)
  4. Add the corresponding values for sAMAccountName (FindUserBysAMAccountName) or Mail (FindUserByEmail) as desired
  5. Restart the cloud connector service
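
The steps above as a PowerShell script, to be run elevated on the connector host. This is an added example, not Centrify's own tooling: the `$Desired` settings are sample values, and the service name is a required parameter because the article does not state it.

```powershell
# Added example (not Centrify code): set the connector's attribute-matching
# DWORD values and report the effective state before and after.
param(
    # Sample policy (assumption): match on UPN and sAMAccountName, not Mail.
    [hashtable]$Desired = @{ FindUserByUpn = 1; FindUserByEmail = 0; FindUserBysAMAccountName = 1 },
    # The article does not name the service; look it up with Get-Service.
    [Parameter(Mandatory)][string]$ServiceName
)

$key   = 'HKLM:\Software\Centrify\Cloud'
$names = 'FindUserByUpn', 'FindUserByEmail', 'FindUserBysAMAccountName'

function Get-EffectiveValue([string]$Name) {
    # A value that is not present counts as enabled (1), per the article.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 1 }
    return [int]$item.$Name
}

if (-not (Test-Path $key)) { throw "Registry key not found: $key" }
foreach ($n in $Desired.Keys) {
    if ($n -notin $names)         { throw "Unknown value name: $n" }
    if ($Desired[$n] -notin 0, 1) { throw "$n must be 0 or 1" }
}

# Record the effective settings first so the change can be reviewed or reverted.
$before = @{}
foreach ($n in $names) { $before[$n] = Get-EffectiveValue $n }

foreach ($n in $Desired.Keys) {
    New-ItemProperty -Path $key -Name $n -PropertyType DWord -Value $Desired[$n] -Force | Out-Null
}

$report = foreach ($n in $names) {
    [pscustomobject]@{ Name = $n; Before = $before[$n]; After = Get-EffectiveValue $n }
}
$report | Format-Table -AutoSize

# This example's own precaution: flag a configuration with every lookup disabled.
if (-not ($report | Where-Object { $_.After -eq 1 })) {
    Write-Warning 'All three attribute lookups are disabled.'
}

# Step 5: the connector picks up the new values after a service restart.
Restart-Service -Name $ServiceName
```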
