Cisco Cisco Intelligent Automation for Cloud 4.3.1 Installation Guide
49
Optional Tasks
Configuring Authentication
Configuring Mappings
The first task in configuring authentication is to assign mapping attributes to user data, including first and last name, login
ID, and home organization unit. Active Directory has pre-defined mapping attributes, which are used in this example.
However, there are data fields that have no specific Active Directory mapping attributes. In such cases (indicated below),
you can assign any mapping attribute that you want to the data field.
ID, and home organization unit. Active Directory has pre-defined mapping attributes, which are used in this example.
However, there are data fields that have no specific Active Directory mapping attributes. In such cases (indicated below),
you can assign any mapping attribute that you want to the data field.
1.
In the Administration module, click the Directories tab.
2.
On the Directory Integration page, click Mappings in the menu on the right.
3.
In the Mappings pane, click Add to display the Mapping Configuration pane.
4.
In the “Add or edit a mapping name” pane, specify the following information:
a.
Enter a name for the mapping. Do not use spaces or special characters.
b.
Optional. Enter a description of the mapping.
5.
In the “Configure mapping attributes” area, enter the required information in the text fields. The following table
provides examples of datasource mappings for person data. Active Directory mapping attributes are pre-defined
and case-sensitive. For information on how to form expressions, see the documentation that shipped with your
directory software.
provides examples of datasource mappings for person data. Active Directory mapping attributes are pre-defined
and case-sensitive. For information on how to form expressions, see the documentation that shipped with your
directory software.
.
6.
Click Update.
Table 1
Person Data and Mapped Attributes
Person Data
Mapped Attribute
First Name
givenName
Last Name
sn
Login ID
sAMAccountName
Personal Identification
sAMAccountName
For this data field, there is no corresponding mapping attribute in
Active Directory. In this case, you can assign any mapping attribute
you want.
Active Directory. In this case, you can assign any mapping attribute
you want.
e-mail Address
expr:#email#=(.+)?(#email#):NotExist
Home Organization Unit
expr:#department#=(.+)?(#department#):NotExist
Password
sAMAccountName
There is no mapping attribute for passwords in Active Directory.
Instead, you can map it to another attribute (in this example,
sAMAAccountName
Instead, you can map it to another attribute (in this example,
sAMAAccountName
). You can also map your own expression. For
information, see the documentation that shipped with the Active
Directory software.
Directory software.
Optional Person Data Mappings
TimeZone ID
Example:
expr:#sAMAccountName#=(nsapiuser)?(Etc/Greenwich):America/
Tijuana
Role List
Example:
expr:#memberOf#=(CN=(.*),OU=IAC,OU=Delegation,OU=Groups,OU
=Austin,OU=Texas,OU=USA,DC=companyA,DC=local)?($1):