RapidIdentity Product Guides - 2019 Rolling Release

General

Use the General Sponsorship Settings to configure the DN settings for sponsored account placement and uniqueness, along with sponsored account naming conventions and allowed actions.

Table 362. Sponsorship Settings Fields

Field Name

Description

Placement Container DN

Container to search for uniqueness when creating new sponsored accounts. For instance, if JSmith already exists in this container, the new sponsored account would be created as JSmith1. This value should match the value specified in the System Settings panel for Authentication Container DN to avoid any namespace collisions.

Uniqueness Container DN

Container to search for uniqueness when creating new sponsored accounts. For instance, if JSmith already exists in this container, the new sponsored account would be created as JSmith1. This value should match the value specified in the System Settings panel for Authentication Container DN to avoid any namespace collisions.

Sponsored Account Search Base DN

Search base when looking for sponsored accounts.

Sponsored Account Search Filter

LDAP filter showing how to find sponsored accounts.

Maximum Expiration Days

Maximum number of days a sponsored account can go without recertification before expiring. The default value is 90 days and the maximum number is 999 days.

Require Expiration Dates

Determines whether expiration dates are required or optional.

Require Email Address

Determines whether the email address is required.

User Object Naming Convention

This option controls how sponsored account usernames are generated. Two options are available out of the box: Forward and Reverse.

  • Forward: First initial + last name (e.g. JSmith)

  • Reverse: Last name + first initial (e.g. SmithJ)

User Object Naming Prefix

Text value to prepend to the username of newly created sponsored accounts. For instance, if Spons- was supplied for this value, a new account might look like this: Spons-JSmith. Keep in mind that in most cases users will log in to systems with this account, and some systems may have limitations on username length and on which characters are supported.

User Object Naming Suffix

Text value to append after the username of newly created sponsored accounts. For instance, if -Spons was supplied for this value, a new account might look like this: JSmith-Spons. Keep in mind that in most cases users will log in to systems with this account, and some systems may have limitations on username length and on which characters are supported.

Preload Sponsors

Enable or disable the preloading of sponsors in sponsor chooser dialogs. Only enable this if the number of sponsors in your organization is relatively small.

Preload Sponsored Accounts

Enable or disable the preloading of sponsored accounts when visiting the Roles tab.

Enable Wildcard (*) Searches

Enables/disables the ability to do wildcard searches in any tab.

Access Control

Can be one of three types: None; Role-based; or Attribute-based.

Selecting either Role-based or Attribute-based triggers fields to define roles or attributes to determine the user population that can access the application.

Role-based allows administrators to define roles to include or exclude users matching the DN of the role. Attribute-based allows users matching the LDAP filter to access the application.
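The namespace collision that the Uniqueness Container DN description warns about, shown as an added example that is not RapidIdentity code. The function names, the case-insensitive comparison, the position of the numeric counter relative to the prefix and suffix, and the 20-character and character-set limits are all assumptions made for illustration; the container contents are constructed sample data.

```python
import re

# Assumed limits of a downstream login system (constructed for illustration).
MAX_LEN = 20
ALLOWED = re.compile(r"^[A-Za-z0-9._-]+$")

def base_name(first, last, convention):
    """Forward: first initial + last name. Reverse: last name + first initial."""
    if convention == "forward":
        return first[0] + last
    if convention == "reverse":
        return last + first[0]
    raise ValueError(f"unknown convention: {convention}")

def generate_username(first, last, convention, uniqueness_names, prefix="", suffix=""):
    """Return the first candidate that is free in the uniqueness container."""
    taken = {n.lower() for n in uniqueness_names}  # assumption: case-insensitive match
    base = base_name(first, last, convention)
    counter = 0
    while True:
        # Assumption: the counter follows the base name (JSmith -> JSmith1)
        # and the prefix/suffix wrap the result.
        candidate = f"{prefix}{base}{counter or ''}{suffix}"
        if candidate.lower() not in taken:
            break
        counter += 1
    # Reject names a target system could truncate or refuse at login.
    if len(candidate) > MAX_LEN or not ALLOWED.match(candidate):
        raise ValueError(f"{candidate!r} violates length/character limits")
    return candidate

def collides(username, auth_names):
    """True if the name already exists among accounts that can authenticate."""
    return username.lower() in {n.lower() for n in auth_names}

# Constructed sample data: the authentication container holds every account,
# while a narrower container holds only existing sponsored accounts.
AUTH_CONTAINER = ["JSmith", "JSmith1", "ADoe"]
SPONSORED_ONLY = ["JSmith"]

if __name__ == "__main__":
    # Uniqueness checked against the narrow container: name looks free but is not.
    narrow = generate_username("John", "Smith", "forward", SPONSORED_ONLY)
    print(narrow, "collides in auth container:", collides(narrow, AUTH_CONTAINER))
    # Uniqueness checked against the authentication container: no collision.
    matched = generate_username("John", "Smith", "forward", AUTH_CONTAINER)
    print(matched, "collides in auth container:", collides(matched, AUTH_CONTAINER))
```

When the uniqueness container is narrower than the authentication container, the generated name can duplicate an existing login name; matching the two settings removes that case.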