Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

User self-service

Prefill the user name

search

Prefill the user name

Prefill the user name

There are several ways that you can allow the user name on the login screen to be filled automatically:

Remember me

Instruct your users to use the Remember me on this device option. This option sets a browser cookie and skips entering the user name.

The user needs to set up this option at least once on every device that they use to access a resource.

Remember me

Kerberos ticket

In Active Directory integrated environments, when Integrated Windows Authentication (Kerberos) authentication is allowed in a policy, a Kerberos ticket can prefill the user name or auto-submit to the next step.

This option requires some browser settings that should be published via a software configuration system or group policies. Kerberos is treated as a substitute for entering a password in STA access policies.

User ID Management

Custom SAML request attribute

For some SAML applications that are integrated with STA, you can use a custom SAML request attribute to preset and submit the user name.

You need to enable functionality on the SAML application in STA, using the Enforce User Name setting. Only some of the SAML applications that you can select on the Applications page include this option.

Enforce user name

You also need to modify the SAML request to include the requested user name. This is a custom implementation, because SAML doesn't specify a standard. You need to validate this custom implementation with the SAML service provider to determine if including the user name is possible.

The following example shows a SAML request that includes the requested user name:

<samlp:AuthnRequest Destination="https://idp1.cryptocard.com/idp/profile/SAML2/Redirect/SSO"
        Version="2.0" IssueInstant="2016-02-24T15:45:55.325Z"
        ID="ID112bf5b0e4169930b663f2d89e62c521fc2f1b8133598fa2ff"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://saml-service-provider.com/safenet/640d3755-e080-4a87-8f7f-91795e78c08d</saml:Issuer>
    <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@mysecureauthentication.com</saml:NameID>
    </saml:Subject>
</samlp:AuthnRequest>

OIDC login_hint

Any OIDC application that contains a login_hint in the request prefills the user name. You don't need to enable this functionality separately.

http://sasidp.com:9209/auth/realms/DFCYFPHYYN-STA/protocol/openid-connect/auth?response_type=code&client_id=OIDC_client&redirect_uri=https%3A%2F%2Fdemo.c2id.com%2Foidc-client%2Fcb&scope=openid+email&state=XvcK8RPWyxmXqhTX4nhiIdwRhprdmPAwW0efkoU-5AA&nonce=0nAmahzcyIXOF_1XnIg3bLlZvsyFBdCUpa_ZwU9xbIw&display=popup&login_hint=user_name