ADSelfService Plus' latest build 6118 released with a minor issue fix
Hello everyone, ADSelfService Plus' new build, 6118, fixes the following issue. Issue Fix : An issue in renewing the SAML certificate when ADSelfService Plus is the identity provider has now been fixed. How to update? You can update to the latest build
Option to choose OU and Group while configuring the Policy
Currently, while configuring the Policies we are able to see two options: OU and Group. By the current design, we have an "OR" between these two objetcs, so when we select one Group and one OU, the ADSS will get all the users inside the OU and all the
Blank page with ADSSP login script at logon
Hello, Some users are using XenApp desktop over Windows 2012R2, and when they logged in, they experienced a blank page which can't be close without killing the process. The blank page is the login script to ask users to register. Even if they killed the
remote connection into postgres db / summary report
our organization has a need to provide data for how many password changes, resets, unlocks were handled monthly. how can we configure the postgres db running on the selfservice so that we can log in remotely to run a query? alternatively, can manageengine
Is ADSSplus working with Windows Hello (Pin-code) ?
Hello, im testing ADSSplus for MFA for endpoints (Windows 10). I configured all settings, and its work nice, when user enter a password then he need to finish 2nd FA. But i want to setup PIN-code + mfa from ADSSplus and when user enter pin code he does
[Webinar] Underrated features of ADSelfService Plus
Hello, How many of the powerful features in ADSelfService Plus are you actually using? Tune in to our free webinar to find out. In just 45 minutes, our Product Expert will take you through the underrated features you can utilize to make IT administration
[Online seminar] Tips and tricks to enhance IT security. Register now.
Hello, Does your organization have measures in place to nullify internal threats? Are your applications, resources, and business-critical information safe from external threats, particularly in a hybrid workplace model? Don't worry. We have you covered.
TFA is not enabled for this user
I have had ADSelfService Plus deployed to all of our PCs so users can unlock their own account and reset their passwords. Recently, I have decided to enable MFA on any PC or server where a Domain Admin logs in. I have the policy set up and it works on
Secure helpdesk user verification
The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. A much needed feature in
Users reciving duplicate email-id error when trying to enrol
Users the already have their email attributes configured in AD recieve the following when trying to enroll for SSPR functionality. "Duplicate email-id found. Kindly provide a unique one.' Is there anyway of either auto enrolling users that already have
ADSSP Dasboard view doesn't display desired information
The ADSSP dashboard by default only shows the current month Audit Reports (i.e. Reset password, Unlock accounts, change password, etc) However, there is no option provided for the Admins to make it show the total usage of it in the entire year. It only
Opening a preventative ticket in advanced before upgrading builds
Hi, I was wondering before I do an upgrade on my build, am I able to open up a ticket in advanced in case anything were to go wrong during my upgrade? This is so that I would have a ticket number already established and I would bypass the initial waiting
ADSelfService Plus feature highlights from 2021
Season's greetings! With 2021 nearing its end, we are writing to take you through the top features introduced in ADSelfService Plus that make it a more comprehensive self-service password management, MFA, and SSO solution. Here are some of the major
How to change the email/sms template for OTP verify
Hi all, I am trying to find the configure to change the content of email/sms with OTP code. Now every time I add new email/mobile number and click verify, the email with OTP will be like this: "We received an enrollment request to use this email address
Clients installed via GPO don't show as installed in ADSSP
Hello, I have a logon script that checks if the ADSelfService Client is installed; if not, it runs the .msi silently via command line. This works just fine, and after logging in the client is successfully installed. However, when I navigate to GINA/Mac Installation -> Installed Machines, no new computers are shown. As far as I can determine, if the client is installed any way other than manually or via the ADSSP "New Installation" tab, the machine doesn't show as having a working client. Despite
Error message when installing ADSelfService Plus Service Pack
I'm updating ADSelfService Plus with service pack ManageEngine_ADSelfService_Plus_6_1_0_SP-1_6_0 and received error message during pre-validation: "Can't create/write to file "file path" #sql_1f18_0.MYi (Errcode: 2) I need to install this update due
How to have the support service escalation?
Hi all, Could you please to share me the contact for support escalation? I have a critical issue and pending 2 months without solution or feedback from supported. Thanks.
Changing password by ADSelfservice, then how to sync to laptop without local connection
Hi everyone, I am using ADSelfservice Plus for the user to change and reset the password (Web, Mobile App as GINA as well). Normally, user can use ADSelfservice to change the password if they are not in office, and the password will sync from AD to their
ADSelfService Plus' latest build 6117 now supports Azure AD MFA
We are excited to announce the release of ADSelfService Plus' new build, 6117, with the following updates. Highlight : Azure AD MFA support: Azure AD MFA can now be used for identity verification during self-service reset/unlock; self-service portal login;
ManageEngine's first-ever Live Online Expert Panel is here. Register now.
Hello, We are thrilled to invite you to our first-ever Live Online Expert Panel on November 17. Technology evangelists from ManageEngine will share their take on Why Active Directory (AD) is the most important cybersecurity tool of an organization.
ADSelfService Plus' latest build 6116 released with some security fixes
Important announcement: ADSelfService Plus 6116 has been released with the following issues fixed. Security Issue Fixes : All the API endpoints have now been strengthened to be more secure. A security vulnerability which allowed performing unauthenticated
AD Manager Plus
We are in the process to evaluate AD Self Service Plus. Our setup works fine for Windows machines however for MAC machines endpoint MFA, after entering username and password, MFA pop up comes as blank. While the reset and unlock screen works as expected
MFA for VPN doesn't accept Google Authenticator OTP
Dear Community, as I don't get an answer via Ticket, hopefully you could help me. I configured and installed everything accordingly to https://www.manageengine.com/products/self-service-password/help/admin-guide/Configuration/Self-Service/mfa-for-vpn-logins.html
Mobile App not working since Build 6114
Hello Everyone, Since updating to Build 6114 the mobile App stopped working on our End. After typing in the Server Configuration, the Connection can be established. unfortunately, we get an "unexpected error" when trying to reset the password while the
Skip MFA when ADSelfService is down does not work for OWA login MFA
We had to shut down our internal AdSelfService server for maintenance and this is what our users were greeted with when they tried to log into Exchange. No one could bypass the MFA error page despite us having the bypass checkbox selected.
How to mass-enable Endpoint MFA on client PCs
Hello, we are trying to roll out Endpoint MFA to all of our Windows computers. I've configured the policy settings we need but am looking for a way to mass-enable Endpoint MFA in the installed agents. From official documentation I am reading that for
Use ADSelfService Plus GINA agent without VPN to change cached credentials
Is it possible to configure a GINA agent so that it changes a cached credential but doesn't require VPN connectivity?
New Login screen --> traductions not working
In the new login screen in 6114 i can see "enter your password ..." switching to french language, this message is not translated I ve also modified the properties file to translate by myself, but it's not working Thanks
Mobile App vulnerability
Adding to the vulnerability reported in https://pitstop.manageengine.com/portal/en/community/topic/adssp-mobile-app-does-not-follow-the-mfa-for-reset-unlock The enabled setting: Self-Service > Multi-factor Authentication > MFA for Reset/Unlock > MFA for ADSelfService Plus Login When using Change Password on the Web-browser of a laptop/desktop, this bring a MFA option to go through which is good and needed. However, when performing Change Password from the mobile app, there is No MFA requested..
ADSelfService Plus 6114 Security Fix Release
Important announcement: The latest build of ADSelfService Plus, 6114, has been released, and it fixes the authentication bypass vulnerability [CVE-2021-40539], apart from bringing new features and improvements. Below is a list of all the updates:
FBI, CISA, and CGCYBER strongly urge organizations ensure ADSelfService Plus is not directly accessible from the internet
I am reading the following on https://us-cert.cisa.gov/ncas/alerts/aa21-259a FBI, CISA, and CGCYBER strongly urge organizations ensure ADSelfService Plus is not directly accessible from the internet. But then the solution isn't accesible for the users
Unnecessary change introduced in latest Build 6114
the latest build 6114 is causing users to enter and re-enter CAPTCHA code twice instead of once, which was working fine in the previous build. Also, the first attempt to log in does not even present the option the type in the password. Please see attached
ADSelfService Plus' latest build 6115 released with some security fixes.
Important announcement: ADSelfService Plus 6115 has been released with the following issues fixed. Issue Fixes : When a custom attribute's display name containing \ or " was added to the employee search display column, no results were returned for an
ADSelfService Plus 6112 Hotfix Release
Hello everyone, We are glad to announce the release of build 6112 with the following enhancements and issue fixes: Enhancements : Mac Agent support has now been introduced for macOS Big Sur. Mobile app support to block specific email domains and mobile
ADSelfService Plus 6113 Hotfix Release
Hello everyone, We are glad to announce the release of build 6113 with below issue fixes: Issue Fixes : An issue which restricted users with special characters in their passwords from logging in to the portal via the mobile site has now been fixed. An
Implementing MFA with VMware Horizon View using Radius authentication
I am curious to know if there is a ay to use ADSSP's MFA with VMware Horizon View virtual machines. I know GINA does not work for instant clones, but I was curious if using the RADIUS setup with ADSSP and configuring Horizon View to use RADIUS would work.
Password Sync tool
Sentionalone is quarantined passwordsync tool on domain controller ,firstly it is unsigned exe second its trying to change Registry its being quarantined.
Upgrade failed to _6_0_0_SP-9_9_0
Dear Team, I am using version build 6008, downloaded https://www.manageengine.com/products/self-service-password/5311766/ManageEngine_ADSelfService_Plus_6_0_0_SP-9_9_0.ppm to upgrade. I got the message that the upgrade process was failed and uninstall
ADSSP Client and Duo Logon
We currently use Duo Logon (Windows/Mac/Linux) for 2FA on all end points because it has an "offline" option on Windows and Linux as well as supports RDP and SSH, which ADSSP Client MFA does not support. However, we would like to add the ADSSP Client
Technicians with some admin functions
Hi, Is there any way to give admin functions to technicians without give admin profile? e.g. massive enrollment by csv. And we have 2 domains but if I set a domain user as a technicias, he only see his domain. Is there any way to see both domains with
Next Page