
Manually Mapping Detect for O365 and Network Accounts

There are 2 ways to link accounts: automatically using AD context, which we recommend, or manually by specifying the domains to map to specific realms.

Read about AD context auto mapping here:

https://support.vectranetworks.com/hc/en-us/articles/360058413713

The manual mapping works by linking cloud & network accounts that have the same username by mapping Kerberos realms to cloud domains.

 

How to configure

Go to Settings -> Cognito Saas -> Account Association.

If a cloud domain is the same as a Kerberos realm, you will still need to map these together.

 


--

Network Accounts

Network Accounts are found in Detect by analyzing the client field in Kerberos transaction logs (these can be inspected in Recall).

The format in Kerberos is primary/instance@realm:

  • Primary: If the Principal represents a user in the system, the primary is the username of the user. Alternatively, for a host, the primary is specified as the string, "host".

  • Instance: The instance can be used to further qualify the primary, for example, user/admin@foo.abc.com.

  • Realm: This is your Kerberos realm, which is usually a domain name in upper case letters. For example, the machine foo.abc.com is in the ABC.COM Kerberos realm.

Accounts are represented in Detect as "Primary@realm", which will map closely to an email address.

O365 Accounts

O365 accounts are linked to the UserPrincipalName in Azure AD.
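The matching described above can be sketched as follows. This is an added illustration, not Vectra's implementation. The realm map, sample principals, UPNs and function names are constructed, and the case-insensitive comparison and skipping of "host" principals are assumptions.

```python
# Constructed manual mapping: Kerberos realm -> cloud (O365) domain.
REALM_TO_DOMAIN = {"ABC.COM": "abc.com", "CORP.EXAMPLE": "example.com"}

# Constructed sample data: Kerberos client principals and Azure AD UPNs.
PRINCIPALS = ["alice@ABC.COM", "alice/admin@ABC.COM", "host/foo.abc.com@ABC.COM",
              "bob@CORP.EXAMPLE", "carol@LAB.LOCAL"]
UPNS = ["alice@abc.com", "Bob@example.com", "carol@lab.local"]

def parse_principal(principal):
    """Split primary[/instance]@realm into (primary, instance, realm)."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError(f"not a primary[/instance]@realm principal: {principal!r}")
    primary, _, instance = name.partition("/")
    if not primary:
        raise ValueError(f"empty primary in principal: {principal!r}")
    return primary, instance or None, realm

def network_account(principal):
    """Primary@realm form of the account; the instance is dropped."""
    primary, _, realm = parse_principal(principal)
    return f"{primary}@{realm}"

def cloud_candidate(principal, realm_map):
    """UPN this principal would link to, or None if it cannot be mapped."""
    primary, _, realm = parse_principal(principal)
    if primary.lower() == "host":        # assumption: host principals are not users
        return None
    domain = realm_map.get(realm.upper())
    if domain is None:                   # realm not mapped: no link, even if it
        return None                      # happens to equal a cloud domain
    return f"{primary}@{domain}".lower()

def link_accounts(principals, upns, realm_map=REALM_TO_DOMAIN):
    """Map each network account to the cloud account with the same username."""
    known = {u.lower() for u in upns}
    links = {}
    for p in principals:
        candidate = cloud_candidate(p, realm_map)
        if candidate in known:
            links[network_account(p)] = candidate
    return links

if __name__ == "__main__":
    for net, cloud in link_accounts(PRINCIPALS, UPNS).items():
        print(f"{net} -> {cloud}")
```

Here carol@LAB.LOCAL stays unlinked although a carol@lab.local UPN exists, because the LAB.LOCAL realm has no mapping entry.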

 

 
