On the Account Mapping page, configure how the login information is mapped to the application’s user accounts. The options are as follows:

  • Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on Active Directory user attributes. Specify an Active Directory field such as mail or userPrincipalName.

    For Web - User Password applications, selecting this option allows an additional option to let Active Directory users log in using Active Directory credentials. Select the Use the login password supplied by the user (Active Directory users only) option for every Web - User Password application that you want users to log in to using Active Directory credentials.

  • Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account.
  • Prompt the user for their user name: Use this option if you want users to supply their own user name and password. The first time a user launches the application, they enter their login credentials for that application. The Privileged Access Service stores the user name and password, and the next time the user launches the application, it logs the user in automatically.
  • Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

    LoginUser.Username = LoginUser.Get('mail')+'.ad';

    The above script instructs the Privileged Access Service to set the login user name to the user’s mail attribute value in Active Directory and add ‘.ad’ to the end. So, if the user’s mail attribute value is Adele.Darwin@acme.com, then the Privileged Access Service uses Adele.Darwin@acme.com.ad. For more information about writing a script to map user accounts, see User-password application scripting.
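The following is an added example, not code from the product documentation: it runs the mapping line above against a stand-in `LoginUser` object and shows a guarded variant that refuses to build a user name when the attribute is missing or malformed. The names `makeLoginUser`, `mapUsername` and `naiveMap` are hypothetical, and the stand-in returning `undefined` for a missing attribute is an assumption about how the service behaves.

```javascript
// Stand-in for the service's LoginUser object (constructed for this example).
// Only Get() and Username appear on the page; the rest is hypothetical.
function makeLoginUser(attrs) {
  return {
    Username: null,
    Get: function (name) { return attrs[name]; } // assumption: undefined if unset
  };
}

// The page's one-line script, applied to the stand-in for comparison.
function naiveMap(LoginUser) {
  LoginUser.Username = LoginUser.Get('mail') + '.ad';
  return LoginUser.Username;
}

// Guarded variant: map a directory attribute plus suffix to the login name,
// but fail instead of producing a name built from a missing or odd value.
function mapUsername(LoginUser, attribute, suffix) {
  var value = LoginUser.Get(attribute);
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error('attribute "' + attribute + '" is empty; refusing to map');
  }
  value = value.trim();
  // Reject embedded whitespace and control characters in the attribute value.
  if (/[\s\x00-\x1f\x7f]/.test(value)) {
    throw new Error('attribute "' + attribute + '" contains invalid characters');
  }
  LoginUser.Username = value + suffix;
  return LoginUser.Username;
}

// Constructed sample users: one with a mail attribute, one without.
var adele = makeLoginUser({ mail: 'Adele.Darwin@acme.com' });
var noMail = makeLoginUser({});

console.log(mapUsername(adele, 'mail', '.ad'));
console.log(naiveMap(noMail)); // every user without mail maps to the same name
try {
  mapUsername(noMail, 'mail', '.ad');
} catch (e) {
  console.log('rejected: ' + e.message);
}
```

With the unguarded line, every user lacking the attribute would be mapped to one identical user name, so checking the attribute before concatenating keeps a directory data gap from turning into a shared login.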