Using Short UserID and Long UserID in user authentication
Users can authenticate through using different formats of their usernames, depending on how identity information is stored in services like LDAP, Active Directory, or SAML.
- Short UserID
- Long UserID
User identifiers are essential to authenticate users, and administrator must decide whether to use Short UserID or Long UserID depending on the directory and the authentication method.
Short UserID
A Short UserID is a simple username used within a domain. An administrator can configure authentication to accept short UserID by selecting the appropriate username attribute in the LDAP or SAML configuration.
| Item | Description |
|---|---|
| Format | Username. For example, John. |
| Source Attribute | Typically maps to sAMAccountName in Active Directory and cn in the LDAP Server. |
| Used in | LDAP or SAML authentication when configured to accept Short UserID. |
| Purpose | Allow users to login using their Short UserID instead of the full domain qualified ID. For example:
|
Long UserID
This is a full domain qualified ID. This can be a User Principal Name (UPN) or an email address. An administrator can configure the authentication method to use Long UserID attribute as the username attribute or Name ID to identify users consistently across identity systems. It is important in organizations that have multiple Active Directory domains or integrate identity providers through SAML or LDAP.
| Item | Description |
|---|---|
| Format | Username@domain.com or DOMAIN\username. For example, John@company.com. |
| Source Attribute | Typically maps to User Principal Name (UPN), full domain login name or email address. |
| Used in | LDAP or SAML authentication when configured to accept Long UserID. |
| Purpose | Provides a unique user identifier to ensure no conflict occurs across domains. For example, John@company.com |