Allow Username OR Email Address for PortalGuard Login

Problem:

Allowing both username and username@domain format to login to PortalGuard

Solution A:

-          Edit the User repository

-          To move forward, you will need to determine which field in AD you will use for the username@domain format.  The steps below Assume userPrincipalName, but you may wish to use the mail field or something else. 

Steps for Solution A:

                     I.            Open the PortalGuard Configuration Editor

                   II.            Under ‘User Repositories’ edit the repository that this will apply to.

                 III.            Navigate to the ‘LDAP Advanced’ tab

                IV.            Update the ‘Login Field’ to use userPrincipalName

                  V.            In the section below, update the ‘User Search Filter’ by clicking the View/Edit button

                VI.            Update the Search filter to the following:

                                                                           i.      (&(|({LOGIN_FLD}={USER})(sAMAccountName={USER}))(objectclass=person)) 

1. This will set the default login field attribute to userPrincipalName but allow users to login with sAMAccountName as well.  Alternatively, you may leave the ‘Login Field’ set to sAMAccountName and update the Search filter to include userPrincipalName for the same result.

               VII.            Click ‘Apply to PortalGuard Server’

             VIII.            Click ‘Sync’

                 IX.            From an elevated CMD, run the following command:

1. Iisreset

                   X.            Browse to your PortalGuard website and attempt to login with the username@domain format and enroll the account if necessary.  Once you have successfully logged in to PortalGuard, log out and then attempt a login with the same account, but using the sAMAccountName instead (i.e. username). You should not be prompted to enroll again.