Keep the UPN added to the userid for multiple domain authentication
In case of a multiple domain environment, it would be nice to route the users' authentication requests to the right authentication server based on their UPN (@domain.local).
Unfortunately, the Sophos XG will remove the UPN, and will only send the userid to the authentication server.
So for example, using a RADIUS proxy for sending the authentication requests to the right AD server will not work, as we cannot make a routing decision based on the UPN.
This is a big issue for many customers.
In Cyberoam OS 10.6.2, the UPN is untouched, but from releases higher than that or Sophos XG, the UPN is being removed by the system.
Please fix this.
Kyle Winfield commented
Synchronized User ID should use or allow for the use of User Principal Name (UPN) instead of sAMAccountName. sAMAccountName is a legacy attribute that hasn't been used since Windows NT. With the implementation of Office 365, our organization was forced to add a UPN suffix in order to federate our identities, and most applications now support that and use UPN for login ID. STAS is not a viable alternative as the limitations are well known (logging in with cached credentials, changing network connection type, etc.).
Iain Ashley commented
I found that it does not use the UPN at all, just the SAM account name.