Under Review

Allow changing the attribute used for 2FA for Active Directory users

bneste 7 years ago updated by nathaniel roudebush 3 years ago 3

If you use LDAP authentication you can tell Control to pull the token information for a user from a specific attribute rather than 'Description'. This is not an option when using Active Directory authentication and you're forced to use the user Description field. This is an issue (for us at least) and we'd rather use some other less commonly used attribute. Add the ability to change the attribute to look in.

We'd like this as well; just switching to LDAP authentication instead of Active Directory unfortunately isn't an option for us because the LDAP authentication setup doesn't seem to support filter extensions such as LDAP_MATCHING_RULE_IN_CHAIN.


This is a pretty high priority for us over here as well. As much as we love Control, if we can't get proper 2FA going without modifying the Description field, I think we might need to not renew. :\

I don't know how this isn't a thing.  Connectwise claims AD integration with 2FA but makes it impossible for 90% of companies. Seems like false advertising to me.