We are using the email address to log into our website.  Currently, the email being put in the uid and mail attribute in ISAM.  We have a use case where we want to allow a user to change their email address.  Is there a way to change the attribute that is used to log into the reverse proxy?

We use ISIM to provision the users to ISAM and that provisioining policy does not allow the uid in ISAM to change.  My thought was if we used a different attribute to log in, then we could change the mail attribute and create the uid as something other than the email address and it could be non-changing.

Thoughts?

------------------------------
Angela Klein
------------------------------

Hello Angela,
you can easily write an INFOMAP for that. Just did it for a customer. WebSeal than uses AAC for the login. Depending on your needs, you can create the WebSeal session with whatever attribute you need. But still, there are options depending on how you do backend sso. 

Best
Jens

------------------------------
Jens Petersen
------------------------------

Original Message:
Sent: Wed February 26, 2020 09:53 AM
From: Angela Klein
Subject: Logging into ISAM Reverse Proxy with attribute other than uid

We are using the email address to log into our website.  Currently, the email being put in the uid and mail attribute in ISAM.  We have a use case where we want to allow a user to change their email address.  Is there a way to change the attribute that is used to log into the reverse proxy?

We use ISIM to provision the users to ISAM and that provisioining policy does not allow the uid in ISAM to change.  My thought was if we used a different attribute to log in, then we could change the mail attribute and create the uid as something other than the email address and it could be non-changing.

Thoughts?

------------------------------
Angela Klein
------------------------------