RSA Authentication Manager Active Directory search filter

  • by

RSA Authentication Manager Active Directory search filter

When you install RSA Authentication Manager and create a identity source to search for the active directory users, you would probably want to create a search filter to prevent RSA from seeing every user in the Active Directory.

To configure a identity source you need to provide the User Base DN and the user Group Base DN. Let’s say for example our active directory is configurerd for this domain: example.com with 1200 users, but only 100 would use RSA tokens.

You could say the user base DN is: DC=example,DC=com and use the same for the user group base DN. Every user within this domain will be displayed in RSA.
Authentication manager will ‘see’ all 1200 users but can only display 500 at once, so this is to much information and makes searching a bit slower and less convenient.

So you could create a security group in Active directory, for example RSA-users and only make the 100 RSA users member of this group. Then configure RSA to filter the search for this group:

Searchfilter

Once this is applied, only users who are member of the securitry group will be displayed in RSA software.

Leave a Reply

Your email address will not be published. Required fields are marked *