If DisplayName is a single string, the same string is used for the FirstName and LastName attributes. Note the following special cases for parsing this attribute for users in directory services that do not have the FirstName attribute, such as CyberArk Cloud Directory:įirstName attribute is parsed from the first string of DisplayName. The first name of the user presented in the SAML assertion to the web application. ![]() (These settings determine the user name, which is the user ID presented in the SAML assertion.) ![]() The CyberArk Identitydetermines the user ID for this user session depending on the “Map to User Accounts” setting in the Application Settings tab. The user identity presented in the SAML assertion to the web application. The following table describes those properties. The LoginUser object’s properties describe the user as he or she is presented to the web application. An example: LoginUser.GetGroupAttributeValues(“sAMAccountName”) returns the user’s groups sAMAccountName value as stored in the user’s Active Directory account. It takes as its argument a string that specifies the key of the attribute to retrieve. This function returns the values of the current user's groups specified AD attribute. Sets an attribute array named proxies that includes all values for the logged in user for the AD key proxyAddresses. SetAttributeArray('proxies', LoginUser.GetValues('proxyAddresses')) This function returns an array with all values of an Active Directory attribute with multiple values for the current user. An example: LoginUser.Get(“mail”) returns the user’s email address as stored in the user’s Active Directory account. This function returns any one of the current user’s Active Directory attributes. The LoginUser object has the following methods: If the user’s service type is LDAPProxy, the script gets the current user’s UID attribute, otherwise it uses the LoginUser.Username property. The preceding example checks to see if the user is managed by LDAP. Refer to LoginUser object for more information.Įxample if(LoginUser.ServiceType = 'LDAPProxy') If you have uses managed by different directory services (for example, AD and LDAP), use the LoginUser.ServiceType or properties to determine the user’s source directory and then get the appropriate attribute key. Not all attributes are common between directory services.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |