Support for webapp authentication with AD account but without domain name in user string

Hi,

I’m facing an issue with some admin websites (Trello, HP Sure Click, RICOH Streamline) where authentication is done using an AD user without the domain name.

In NPS, the managed account is in the format DOM\USERNAME-nps, but the web applications only accept USERNAME-nps.

I tried modifying the login template according to the documentation below:
https://docs.netwrix.com/docs/privilegesecure/25_12/admin/interface/activities/activity/activityloginaccounttemplates

However:

  • If the template includes the domain, the username matches but the web app login fails.

  • If the template excludes the domain, NPS cannot find the managed account.

The web app resource is associated with the domain, and so is the activity definition, via the platform.

Has anyone faced a similar issue or found a workaround?

Regards,
Benjamin

Hi Benjamin,

You can add a custom PowerShell step to the activity’s pre-session that will strip the domain from the account name.

# Pre-session step: look up the session, strip the "DOM\" prefix from the account name, then set the login account
$activitySession = Get-SbPAMActivitySession -Id $SessionId
# '^.*\\' matches everything up to and including the last backslash, so DOM\USERNAME-nps becomes USERNAME-nps
$LoginAccount = $UserCredentials.Username -replace '^.*\\', ''
Set-SbPAMActivitySessionLoginAccount -SessionId $SessionId -LoginAccount $LoginAccount

This works with a managed account activity where the account template is %targetdomain%\%samaccountname%-NPS, as you described.

The end result is that the session will use a log-in account of %samaccountname%-NPS.

Please let me know if this helps!

- Dan

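An added example, not from Dan's post or from Netwrix's product code, showing the pre-session step wrapped in a reusable helper. It goes a little beyond the thread: besides the down-level DOM\user form Benjamin describes, it also strips a UPN suffix (user@dom.tld) and refuses to hand NPS an empty login account. The Get-SbPAMActivitySession and Set-SbPAMActivitySessionLoginAccount cmdlets, $SessionId and $UserCredentials are taken from Dan's answer; the helper name, the UPN handling and the sample account names are assumptions of this example.

```powershell
# Added example (not from the original thread): helper for the pre-session
# step Dan describes. Cmdlets and variables ($SessionId, $UserCredentials)
# are the ones shown in the thread; the helper name and the UPN handling
# are assumptions, not documented product behaviour.

function ConvertTo-BareAccountName {
    param(
        [Parameter(Mandatory)]
        [string]$AccountName
    )

    # DOM\user -> user: everything up to and including the last backslash is dropped
    $bare = $AccountName -replace '^.*\\', ''

    # user@dom.tld -> user (assumed extension; the thread only covers DOM\user)
    $bare = $bare -replace '@.*$', ''

    # Never let an odd input (e.g. "DOM\") turn into an empty login account
    if ([string]::IsNullOrWhiteSpace($bare)) {
        throw "Account name '$AccountName' reduced to an empty string; refusing to set an empty login account."
    }
    return $bare
}

if (-not $SessionId) {
    # Run outside NPS (no $SessionId): self-check with constructed sample values.
    # All three forms should map to the same bare name.
    foreach ($sample in 'CORP\jdoe-NPS', 'jdoe-NPS@corp.example', 'jdoe-NPS') {
        "{0,-26} -> {1}" -f $sample, (ConvertTo-BareAccountName -AccountName $sample)
    }
}
else {
    # Run inside NPS as the activity's pre-session step, as in Dan's answer.
    $activitySession = Get-SbPAMActivitySession -Id $SessionId
    $LoginAccount = ConvertTo-BareAccountName -AccountName $UserCredentials.Username
    Set-SbPAMActivitySessionLoginAccount -SessionId $SessionId -LoginAccount $LoginAccount
}
```

Run the script in a normal PowerShell console to see the self-check output for the three constructed sample names; pasted into the activity's pre-session step, $SessionId is set by NPS and only the real branch executes.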