Auto User Creation - API
Hello there! ADSS is able to auto create users (quick enrollment) with some options, but they are not really quick. So I've request for a feature to allow using some API/script to enroll users. In our environment, we use a script to create the user in
No language selection option in Change Password & Enrollment process web-page
Hi ManageEngine In the ADSSP web-portal, there is no language option offered for a user to select from during the Change Password & Enrollment page. This is has been noticed and reported earlier through some Support case with ManageEngine technicians.
Password Requirements on Change/Reset Password Pages
Hello - We're in the process of updating the password requirements for the domain we have ADSSP sync'd to (8 to 12 char minimum, 90 day change cycle, etc.). As it sits, the existing page doesn't even match our current policy. We were under the impression
ADSSP sends Email notification even to excluded OU & its sub-OUs
Hi ADSelfService Plus Team, Enrollment Notification email is setup & configured to be sent to specific OUs in every domain. The OU and sub-OUs which should not be receiving the Enrollment notifications have been excluded in the ADSSP Portal. However,
ADSSP cannot identify if user account is moved from one OU to another
ADSSP provides a good feature of Restricting user accounts that are in specific OUs. The schedule scan works fine. But there are situations, an account that was placed in the Restricted OU is moved to another OU which isn't set as restricted in ADSSP.
[ManageEngine] Register now for our free ADSelfService Plus Online training series.
Hello, ManageEngine is back again with another series of online workshops to help you make the best use of our integrated password management and single sign-on solution- ADSelfService Plus. This free live online training will be your guide to eliminate
AD SelfService Plus with MSA
Hello, We have already deployed AD Selfservice PLUS and it is running as a service using a local account on our server. We were trying to maintain security by migrating the service to use an MSA for password resets rather then using a generic service
SelfService App XML?
Hi, We are pushing out iPads to a number of mobile users and want to have the AD Self Service Mobile App installed on each device through our MDM application catalog. In addition we want to make sure the app is deployed pre-configured with the server settings already set so there is no user setup required. Is that do-able? XML config possibly? Best Regards, Brian Mansfield
[ManageEngine] Your exclusive invite to our Cybersecurity and IAM online seminar.
Hello, We are happy to invite you to be a part of our Cybersecurity and IAM online seminar - Shield Virtual 2021. Hear out to our experts on how to enhance the security posture of your IT, effectively manage and monitor your hybrid AD, and much more.
ADSelfService Plus 6105 released !!!
Hello Everyone! We are glad to announce the release of build 6105 with significant new enhancements and issue fixes. Enhancements: Admins can now configure users' managers email addresses to send them notifications about user activities like self-service
Problem with installation of new ssl certificate
Hello there, I have a problem with the installation of a new SSL certificate to my ADselfservice system. Details below: csr has been generated via web tool (Admin-connection- Generate Certificate) Csr sent to CA authority - DigiCert DigiCert sent me two
INVALID_CSRF error during reset password
Hi, When I want to reset password in web page, I get this error: INVALID_CSRF_TOKEN ADSSP version: v6.0.05 DB: MS SQL I attached my screenshot. What should I do? Thanks for helping
ADSelfService Plus 6104 released with an important security fixes
Hello everyone, We are glad to announce the release of build 6104 with the following vulnerability issue fixes: Vulnerability issue fixes: A vulnerability that in rare cases allowed bypassing CAPTCHA in the ADSelfService Plus login page has been fixed.
Mail / SMS Server Settings
new to the product and in process setting up. Configuring the Mail settings using an external SMTP sever that requires SSL connection. Use same config on our backup software to alert me of backup status. Each time I enter the credentials and click save
Password complexity by number of character types
A password requirement that specifies the number of character types, rather than the number of characters of a type, would be a nice addition. For example, if you specify that there must be 3 different character types, then "Password!" would be allowed
ADSSP Free limitation
Hi, I use the ADSSP Free version to notify password expiration. It works great for 2 subscriptions, but i made a new one recently link on a group, and no mail are sent. Is there a limitation of number of subscription or on the number of users in the free
Hot to redirect HTTP to HTTPS
Hi, my adselfservice page is working on HTTPS port, and everything is working if I go to https://FQDN but if I go to http://FQDN then page is blank. Is any way to auto-redirect on adselfservice to automatically redirect to HTTPS? thanks
If service stop working what happend?
Hello, I installed ADSelfService Plus to the customer server and starts as service. Some time happned that the web console is down and I´ve looked to the service is not running (is setup for automatic startup). If I start MFA endpoind protection with
ADSelfService Plus 6103 released !!!
Hello Everyone! We are glad to announce the release of build 6103 with significant new features and enhancements. Highlight: Zoho OneAuth's OTP authenticator can be used as an MFA method to verify users' identities during password reset and account unlock
Admin activity logs feature/functionality missing in ADSSP portal
Since multiple Admins can be granted access to the ADSSP portal, it is imperative to have the ability to trace Admins activity for any kind of changes made to or in the ADSSP application. However, this feature/functionality is missing in previous builds
Mobile App vulnerability
Adding to the vulnerability reported in https://pitstop.manageengine.com/portal/en/community/topic/adssp-mobile-app-does-not-follow-the-mfa-for-reset-unlock The enabled setting: Self-Service > Multi-factor Authentication > MFA for Reset/Unlock > MFA for ADSelfService Plus Login When using Change Password on the Web-browser of a laptop/desktop, this bring a MFA option to go through which is good and needed. However, when performing Change Password from the mobile app, there is No MFA requested..
Users unable to change passwords
We have just started evaluating ADSelfService and are running into an issue where test users that have registered are unable to change their password under the Self Service tab. It lists "Domain Password Policy requirements" (which our test domain has NONE) I have also set the password strength level within the ADSelfService app to "Too short" yet still, no matter what password we change it always fails with this error: Change Password Failed The new password you chose failed to meet any or all
ADSSP Mobile App does not follow the MFA for Reset / Unlock
In recent days the mobile app for ADSSP has changed some of the functionality. One security risk which i noted is the MFA for Reset / Unlock entered in the Admin portal. We have our MFA for Reset / Unlock enabled to 3 factor authentication for reset / unlock operations. However, when performing Password Reset and/or Unlock account from the ADSSP mobile app, it doesn't follow the entered setting. It just proceeds after just 1 factor of authentication instead of the entered 3. when performing the
Issue with HA working in Build 6100
And another classic buggy application build from ManageEngine. The latest build 6100 seems to be filled with issues with every configuration being done. Configured HA in ADSSP, however it doesn't seem to work as it should Ticket #4069482 has been opened
WAF Alerts for Excesive use of Special Characters
Hello, Recently we have ADSelfservice Plus tool published in a Azure Gateway and if the enable there the WAF the notice the following rules issues. Detects basic SQL authentication bypass attempts 2/3 o Matched Data: \":10,\"T found within ARGS:NAVIGATION_DETAILS:
Yet another MAJOR BUG in ADSSP
Ticket # 4272254 raised with ManageEngine for this. Even though the settings in the ADSSP Admin portal is set to "Deny users from performing password reset/account unlock when partially enrolled", if a user has not enrolled but attempts to Reset Password
Change database IP in ADSS without configure again
Hi, We use SQL for ADSS in another server, and we are changing the IP in few weeks. Is there any way to change only the SQL server IP and not configure again the database in ADSS which doesn't permit to configure the same database name. Regards,
ManageEngine ADSelfService Plus service not starting
I am receiving the following when trying to start the service. Please advise on how to resolve this issue. Thank you, Dan
'keytool' not recognised
Hi. When I try to use the keytool command to install an SSL sertificate, it is not recognised by the command prompt. I also cant see any 'keytool' in the directory specified in the mannual. Any ideas? Thanks for your help.
ADSSP with Read Only Domain Controller
We have an ADSSP server in our DMZ that is configured to use an RODC in the DMZ for AD access. During testing, this seemed to work perfectly. However, it appears that I did NOT test the unlock account feature... And it does not work. It returns an error
Remcom.exe flagged as malicious
Dear Support Team, our AV solution flagged Remcom.exe from version 6101 as malicious - PUA Application.RemoteAdmin.RLH. A VirusTotal scan shows that this is not an exception: https://www.virustotal.com/gui/file/d7a923357aea4f9d4e65d43d3f800fa4f3b766a825be63d798f5ff35721a462a/detection
MFA On A Shared Workstation
Hello I have a few users that need to access a single workstation all using a single Active Directory windows account over RDP. Is there any way we could use MFA in this workstation? The users would already be enrolled into AD Self Service Plus themselves
ADSelfServicePlus Service Issue
Hello I have used the installer to add the Windows Service. Edited the ADSelfServicePlus "Logon Tab" and added a Active Directory account which has a Domain Admin right added . Following this guide: https://www.manageengine.com/products/self-service-password/kb/installing-adselfservice-with-windows.html
ADSelfService Plus Fixes and Enhancements [2021]
Release Notes for build 6105 (May 26, 2021) Enhancements: Admins can now configure users' managers email addresses to send them notifications about user activities like self-service password reset, self-service account unlock, password change, and enrollment.
ADSelfService Plus 6102 released with an important security fix
Hello Everyone, The latest build of ADSelfService Plus, 6102, fixes an important vulnerability reported by Krzysztof Andrusiak (STM Cyber) and Marcin Ogorzelski (STM Cyber) through our bug bounty program. Issue fix: An unauthenticated remote code execution
Forced Enrollment Scheduler keeps turning off.
The Forced Enrollment scheduler keeps turning off. I can go back in and click it to make it green and turn it on again. But at the next time it's scheduled to run, it turns off. New users are not getting the login script added to their profiles and are
Cannot start server, error 503
Hi, I have such error, version 6100: HTTP Status 503 – Service Unavailable Type Status Report Message Servlet [org.apache.jsp.jsp.showLogin_jsp] is currently unavailable Description The server is currently unable to handle the request due to a temporary
Users unable to start forced enrollment
New user here. I've been evaluating ADSP for about a week now for possible recommendation to to my clients, as I'm a self-employed computer consultant that's been in the industry for almost 40 years now. Lab setup. I'm on a Server 2019 domain. ADSP is
Mobile App issue
When performing Reset Password or Unlock Account, if the ADSSP mobile app is kept opened prior to selecting & going ahead with TOTP verification and/or QR code verification, the Mobile Auth does NOT display an alert. This causes confusion to end users which ends up with several unwanted & unnecessary calls to IT team
Secure helpdesk user verification
The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. A much needed feature in
Next Page