Dell SMA 200 Administration Manual page 176

Verify partial DN in subject - Use the following variables to configure a partial DN that matches
the client certificate:
User name: %USERNAME%
Domain name: %USERDOMAIN%
Active Directory user name: %ADUSERNAME%
Wildcard: %WILDCARD%
13 Select Delete external user accounts on logout to delete users who are not logged into a domain
account after they log out.
14 Select Only allow users listed locally to allow only users with a local record in the Active Directory to
log in.
15 Select Auto-assign groups at login to assign users to a group when they log in.
Users logging into Active Directory domains are automatically assigned in real time to Secure Mobile
Access groups based on their external AD group memberships. If a user's external group membership has
changed, their Secure Mobile Access group membership automatically changes to match the external
group membership.
16 Optionally, select One-time passwords to enable the One Time Password feature. A drop-down list
appears, in which you can select if configured, required for all users, or using domain name. These
are defined as:
if configured - Only users who have a One Time Password email address configured use the One
Time Password feature.
required for all users - All users must use the One Time Password feature. Users who do not
have a One Time Password email address configured are not allowed to log in.
using domain name - Users in the domain use the One Time Password feature. One Time
Password emails for all users in the domain are sent to username@domain.com.
17 If you selected if configured or required for all users in the One-time passwords drop-down list, the
Active Directory AD e-mail attribute drop-down list appears, in which you can select mail, mobile,
pager, userPrincipalName, or custom. These are defined as:
mail - If your AD server is configured to store email addresses using the "mail" attribute, select
mail.
mobile or pager - If your AD server is configured to store mobile or pager numbers using either of
these attributes, select mobile or pager, respectively. Raw numbers cannot be used; however, SMS
addresses can.
userPrincipalName - If your AD server is configured to store email addresses using the
"userPrincipalName" attribute, select userPrincipalName.
custom - If your AD server is configured to store email addresses using a custom attribute, select
custom. If the specified attribute cannot be found for a user, the email address assigned in the
individual user policy settings is used. If you select custom, the Custom attribute field appears.
Type the custom attribute that your AD server uses to store email addresses. If the specified
attribute cannot be found for a user, the email address is taken from their individual policy
settings.
If you select using domain name, an E-mail domain field appears following the drop-down list. Type in
the domain name where one-time password emails are sent (for example, abc.com).
18 If Technician Allowed is enabled, Secure Virtual Assist can log in as a technician role in this domain.
19 Select the type of user from the User Type drop-down list. All users logging in through this domain are
treated as this user type. The choices depend on user types defined already. Some possible choices are:
External User – Users logging into this domain are treated as normal users without administrative
privileges.
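
The one-time password rules in steps 16 and 17 can be modelled offline to see, before changing the setting, which users would receive a code, which would log in without one, and which would be refused. This is an added example, not code from the manual or the appliance; the record layout, the field names and the "@" test for a usable address are assumptions, as is applying the policy-address fallback to every attribute choice.

```python
# Added example modelling steps 16 and 17; not appliance or vendor code.
# Record layout and field names (username, ad, policy_email) are constructed.
MODES = ("if configured", "required for all users", "using domain name")

def usable(value):
    """Raw phone numbers cannot be used; an SMS or email address can."""
    return bool(value) and "@" in value

def resolve_otp(user, mode, attribute=None, email_domain=None):
    """Return (outcome, address); outcome is 'otp', 'no_otp' or 'denied'."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if mode == "using domain name":
        return "otp", f"{user['username']}@{email_domain}"
    # Assumption: the fallback to the individual policy address, which the
    # manual gives for a missing attribute, also covers an unusable value.
    address = user["ad"].get(attribute)
    if not usable(address):
        address = user.get("policy_email")
    if usable(address):
        return "otp", address
    outcome = "denied" if mode == "required for all users" else "no_otp"
    return outcome, None

def audit(users, mode, attribute=None, email_domain=None):
    """Group user names by outcome so gaps show up before a mode change."""
    report = {"otp": [], "no_otp": [], "denied": []}
    for user in users:
        outcome, _ = resolve_otp(user, mode, attribute, email_domain)
        report[outcome].append(user["username"])
    return report

# Constructed sample directory records.
USERS = [
    {"username": "alice", "ad": {"mail": "alice@example.com"}},
    {"username": "bob", "ad": {"mobile": "5551230000"}},
    {"username": "carol", "ad": {"mobile": "5551230001@sms.example.net"}},
    {"username": "dave", "ad": {}, "policy_email": "dave@example.org"},
]

if __name__ == "__main__":
    for mode in ("if configured", "required for all users"):
        print(mode, audit(USERS, mode, attribute="mobile"))
    print(audit(USERS, "using domain name", email_domain="abc.com"))
```

Users reported under no_otp authenticate without a one-time password when the domain is set to if configured; the same users appear under denied once the setting is required for all users.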
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
176

This manual is also suitable for:

SMA 400, SRA 1600, SRA 4600, SMA 500v