Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Which information from Active Directory does Rublon MFA read and how does it use it?

            Modified on Tue, 28 Apr at 10:14 AM

            Rublon MFA reads different attributes from Active Directory. All connectors, as well as Rublon API, need cn and mail. In addition to that, depending on your integration and the connector you use, Rublon MFA may need to read other attributes.


            Remote Desktop Services

            If the SendUPN value in your Rublon MFA for Windows Logon & RDP configuration is set to 1, Rublon MFA for Windows pulls the user’s phone number from Active Directory and sends it to the Rublon API.


            In the case of the following connectors:


            Next to the username and email address, Rublon MFA also reads the userPrincipalName to identify the user.


            Cloud Apps via SAML

            In the case of integrations done via the Rublon Access Gateway using the SAML 2.0 protocol, Rublon MFA retrieves attributes and prints them in the Users table. 


            To perform SAML transactions with the service provider, the Rublon Access Gateway reads the attributes defined by the administrator in the Authentication Source tab. These attributes are usually cn, mail, and sAMAccountName. An administrator can configure the Rublon Access Gateway to additionally retrieve some other attributes if necessary, e.g., integration with ParkMyCloud also requires sn and givenName attributes, and so on.


            VPNs via RADIUS

            In the case of integrations done via the Rublon Authentication Proxy using the RADIUS protocol, Rublon MFA needs username_attribute and email_attribute. You can configure username_attribute and email_attribute to retrieve different Active Directory attributes from the default ones. Still, the default corresponding attributes are presented in the following table.


            Rublon Authentication Proxy Configuration Option

            Corresponding Active Directory Attribute (By Default)

            username_attribute

            sAMAccountName

            email_attribute

            mail


            In addition to that, Rublon MFA reads the memberOf attribute to check security_group_dn.


            Helpful Links

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0