Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1270
Views
10
Helpful
1
Replies

Add domain suffix to login requests from a specific resource.

Christopher Bell
Level 4
Level 4

‎10-05-2021 06:54 AM

We're running ISE 3.0 and we have a requirement to add the domain suffix to usernames when authenticating to a specific resource (RADIUS).  The resource will be VMware Horizon servers and we'd like for the users to be able to input JUST their username and then we will append the domain suffix when authenticating it against AD.  We don't want this to be global, only when authenticating to the Horizon servers.  Any suggestions on how to do this or if it's even possible?  I found the rewrite rules under the AD integration but that's global it would seem. 

 

 

 

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
1 Reply 1

ComputerRick
Cisco Employee
Cisco Employee

‎10-05-2021 01:28 PM

   Are those users members of the same domain that ISE is joined to?
Have you tried having those users authenticate w/o the full domain using just their username, I suspect that it may work.

 

   You could also have users put the @ sign (or other character) at the end of their username, and then create a rewrite rule based on [IDENTITY]@ that rewrites it as [IDENTITY].[DOMAIN] or whatever structure you need, requiring only an additional character from the user, but applying the rewrite to fulfill your needs.

 

   HTH and please mark the solution you find.

Customers Also Viewed These Support Documents