Feature Request: Option to alias IdP username to local DS user account #59

Closed
PeetMcK opened this issue Nov 21, 2022 · 4 comments

PeetMcK commented Nov 21, 2022

Request Summary: Create an option to add IdP username (e.g. username@fqdn.com) to the locally created macOS user (e.g. username).

Existing behavior: By default the local user's RealName (e.g. First Last) and (of course) RecordName (e.g. username) are populated.

Feature Request: Allow for the IdP username (e.g. username@fqdn.com) to be added to the local user (e.g. username) as an alias. This way when a user is forced to the Mac Login Window, they can authenticate with either their standard IdP username (e.g. username@fqdn.com) or their locally created macOS user (e.g. username).

The goal would be to allow for the most interoperable experience between the XCreds loginwindow and the macOS loginwindow.


elflames commented Mar 1, 2023

Adding a +1 to this feature request.

@twocanoes twocanoes added this to the XCreds 3.2 milestone May 31, 2023

PeetMcK commented Oct 27, 2023

@twocanoes I know this was on the 3.2 milestones, but with the addition of shouldDetectNetworkToDetermineLoginWindow this becomes even more of an issue. I'd very much like to retire my kludge of a script in favor of a supported solution here. One of the few features I really miss from NoMAD Login AD. Thanks!

@twocanoes
Owner

New pref added: aliasName. This should be set to a claim in the id token, like "upn". The value in that claim will be put in as an alias for the record name, allowing them to log in with it.

An example might be helpful. I set the preferences to have aliasName = "upn". I then logged in as barney@twocanoes.com. The identity token has a claim called "upn" whose value was "barney@twocanoes.com". XCreds then added that as an alias and the user is able to log in with either barney or barney@twocanoes.com at the local and mac login window.
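
Added example, not part of the thread and not XCreds code: a way to inspect an ID token before choosing a value for aliasName, showing which claims would yield a usable alias. The helper names and the sample token are constructed for illustration, and the rule that an alias equal to the record name is skipped is this example's own assumption.

```python
import base64
import json


def decode_id_token_claims(id_token: str) -> dict:
    """Decode a JWT ID token's payload WITHOUT verifying the signature.

    Inspection only: never base an access decision on unverified claims.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("ID token payload is not a JSON object")
    return claims


def alias_for(claims: dict, alias_claim: str, record_name: str):
    """Hypothetical helper: the alias this claim would yield, or None."""
    value = claims.get(alias_claim)
    if not isinstance(value, str) or not value.strip():
        return None  # claim absent, empty, or not a single string
    value = value.strip()
    if value == record_name:
        return None  # this example's choice: identical to the record name
    return value


def b64url_json(obj) -> str:
    """Encode a JSON object the way a JWT segment is encoded (no padding)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token; the signature segment is a placeholder.
SAMPLE_TOKEN = ".".join([
    b64url_json({"alg": "RS256", "typ": "JWT"}),
    b64url_json({"sub": "constructed-subject", "upn": "barney@twocanoes.com",
                 "groups": ["staff"]}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    claims = decode_id_token_claims(SAMPLE_TOKEN)
    for name in ("upn", "email", "groups"):
        print(f"aliasName={name!r} -> {alias_for(claims, name, 'barney')!r}")
```

A claim that is missing from the token or holds a list rather than a single string gives no alias here, which is worth checking before rolling the preference out.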


PeetMcK commented Feb 13, 2024

I can't believe I missed this when deploying the GM of 4.0. A big, big thank you here (I'm not crying, you're crying).
