Re: Add domain suffix to login requests from a specific resource.

Christopher Bell · ‎10-05-2021

We're running ISE 3.0 and we have a requirement to add the domain suffix to usernames when authenticating to a specific resource (RADIUS). The resource will be VMware Horizon servers and we'd like for the users to be able to input JUST their username and then we will append the domain suffix when authenticating it against AD. We don't want this to be global, only when authenticating to the Horizon servers. Any suggestions on how to do this or if it's even possible? I found the rewrite rules under the AD integration but that's global it would seem.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

ComputerRick · ‎10-05-2021

Are those users members of the same domain that ISE is joined to?
Have you tried having those users authenticate w/o the full domain using just their username, I suspect that it may work.

You could also have users put the @ sign (or other character) at the end of their username, and then create a rewrite rule based on [IDENTITY]@ that rewrites it as [IDENTITY].[DOMAIN] or whatever structure you need, requiring only an additional character from the user, but applying the rewrite to fulfill your needs.

HTH and please mark the solution you find.

Add domain suffix to login requests from a specific resource.

Resource Connector server domain format update

Domain Name System (DNS) Guided Resource

Secure Access Resource Repository

Catalyst Center Resource Repository

Secure Firewall Resource Repository