Is there any way to stop BFI forcing the need for a full email type username to login?
Users in my environment are using the BigFix Console, Web Reports and compliance and with all three tools the login is simple - Console uses session credentials, WR & SCA use the Domain Login Name from the AD (e.g. bey9xxx) yet on BFI I’m forced to make them use an incredibly long username that consists of the Domain Login Name + @[insert incredibly long domain address here].
Ideally I would like to just use the Domain Login Name like the other tools.
Change the definition of your Directory Server to “Other”. Then change the Login Attribute to “sAMAccountName”. Test the connection and save it.
If you previously enabled User Provisioning, you should be good to go. If not, create new BFI users with user names that match your domain login names, and associate them with the correct roles.
You can then delete the unneeded users. Note that Saved Reports are associated with the previous user, so you may want to make backup copies as the non-ldap administrative user, and make them public so the “new” users can still see them.
1 Like
I’ll give this a shot and let you know. Creating local users unfortunately isn’t an option though but I’ll deffo trythe first method.
In all likelihood, you’re using User Provisioning - this configuration has BFI automatically create local users as soon as they login the first time, based on membership in the assigned AD security group.
You’ll still potentially have the problem of saved reports needing to be copied for the new short-named users.
Perfection! This fixed the issue - now users can login with short names. I jest need to make sure now that when new users are added to the correct AD group that they have access given correctly 
I’m lucky, this is a fresh set-up so I’m the only user for now and nothing has been set up report wise 
