Witness Anywhere: FAQ

WitnessAnywhere extends the capabilities of WitnessAI to ensure enterprises maintain full observability
and control over AI applications, even when employees are working outside the corporate network.
In today’s hybrid and remote work environments, employees frequently operate from locations that
bypass enterprise proxy or SSE infrastructure. Witness/Anywhere bridges this gap by providing a
seamless, reliable

The registration script retrieves the local account username and matches it against the Username field in the user records stored in the WitnessAI Console.

Note: Email attribute is not used for Non-AD Joined Devices.

The registration script extracts the local account username and constructs the corresponding email address by appending the configured Active Directory (AD) domain (i.e., username@domain).

Both the username and the constructed email are then sent to the registration server. For registration to succeed, either the username or the email must match an existing user record in the WitnessAI Console.

Example: If the local account username is john.doe and the AD domain is witness.ai, the resulting email sent to the registration server will be john.doe@witness.ai.

For Windows devices that are Microsoft Entra Joined, the registration process uses the local account username and retrieves the email address from the registry key created by Entra.

Note: This method is not applicable to Entra Hybrid Joined devices.

User accounts can be created directly within the WitnessAI Console by specifying the correct username and email values. Alternatively, a SCIM integration with the identity provider (IdP) can be configured to automatically synchronize user attributes such as username and email into WitnessAI. You will find SCIM integrations in the “Network: IdP” documents below: