Mapping the manager claim assertion of the user who is logging in to the Kace user's manager field can be a challenge, because it is not as intuitive as mapping a claim to any other user field.
How to do it depends on the configuration explained in this KB article.
The content in this KB article does not include how to configure SAML authentication with Kace.
The appliance takes the value in the manager assertion and looks it up in the USER table.
To do that, it needs to know which field to compare the value with, so the appliance uses the Primary Key for that.
The 2 requirements to properly map the user's manager info with the appliance user field are:
Example 1:
IF the Primary Key is the login: 'samaccountname'
Then the claim value that needs to be sent will be: 'claim:managersam' (Manager Samaccountname).
Example 2:
IF the Primary Key is login: 'samaccountname'
The claim value should be the manager's login. But if the login of the manager user imported into Kace is their email address, then the claim value to use is 'claim:manageremail' (Manager email Address).
This scenario may cause confusion, so it is recommended to keep the same login information type for all the users imported in Kace.
Example 3:
IF the Primary Key is the Primary Email: 'mail'
Then the value that needs to be sent will be: 'claim:manageremail' (Manager email Address).
The 3 examples above cover the most logical attributes to use as the primary key (PK), since they are usually unique per user, but you can also pick any of the other attributes as PK.
You can verify which attributes are being sent from the IDP to the appliance with the SAML Chrome Panel extension. It adds a SAML section to the browser developer tools (F12).
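The lookup described above can be rehearsed offline against an assertion copied from the SAML panel. This is an added example, not Quest code: the assertion is constructed, the attribute names `managersam` and `manageremail` are assumed to match the claim names in the examples, and `stored_pk_values` is a hypothetical stand-in for the Primary Key values of the users already imported into the appliance.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="samaccountname"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="managersam"><saml:AttributeValue>asmith</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="manageremail"><saml:AttributeValue>asmith@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def attributes(xml_text):
    """Return {attribute name: first value} for every SAML attribute found."""
    root = ET.fromstring(xml_text)
    out = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        val = attr.find("saml:AttributeValue", NS)
        text = val.text if val is not None and val.text else ""
        out[attr.get("Name")] = text.strip()
    return out


def check_manager_mapping(xml_text, manager_claim, stored_pk_values):
    """Model the lookup: the manager claim value must equal an existing
    user's Primary Key value, otherwise the manager cannot be resolved."""
    attrs = attributes(xml_text)
    if manager_claim not in attrs:
        return "missing: IdP does not send '%s'" % manager_claim
    value = attrs[manager_claim]
    if value in stored_pk_values:
        return "ok: '%s' matches an existing user" % value
    return "no match: '%s' is not a Primary Key value" % value


if __name__ == "__main__":
    logins = {"jdoe", "asmith"}  # hypothetical users keyed by samaccountname
    for claim in ("managersam", "manageremail"):
        print(claim, "->", check_manager_mapping(SAMPLE, claim, logins))
```

With users keyed by samaccountname, only `managersam` resolves; sending `manageremail` in that setup reproduces the mismatch described in Example 2.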