Multiple MFA Providers for ENDPOINT VPN
Currently we can only select one method for endpoint VPN, i.e., either Microsoft Authenticator or Google one or RSA etc. We want to give users privilege to be able to use any of the enabled MFA methods.
Admin activity logs feature/functionality missing in ADSSP portal
Since multiple Admins can be granted access to the ADSSP portal, it is imperative to have the ability to trace Admins activity for any kind of changes made to or in the ADSSP application. However, this feature/functionality is missing in previous builds
Integration of ADSelfService Plus with WhatsApp Gateway
I would like to know how to integrate WhatsApp with Adselfservice plus to send the code instead of SMS.
Request add more method for support 2FA
1. Mobile Authenticator of ADselfservice or 3rd party 2. Multi-protocol security key such as yubikey by yubico | https://www.yubico.com/products/yubikey-hardware/ 3. FIDO2 for passwordless authenticate https://fidoalliance.org/fido2/ Thank you for building a great app and great support.
MFA authentication factors - default factor and mandatory factor
Hello, We would like to configure a default MFA authenticator factor (example: code sent via email) the first time a user accesses the portal and after that a mandatory factor (example: OTP from an app or Yubikey), because we force a user to enroll a
Connect ADSelfService with Azure AD
Hi there, There is a way to connect directly to Azure AD without an OnPrem AD. I cannot connect ADSelf Service with Azure AD. If you have done this please share the steps. BR
Secure helpdesk user verification
The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. A much needed feature in
Spring4Shell in ADSelfservice Plus
Searching my \Lib folder today found the following files spring-beans-4.2.0.RC3.jar spring-core-4.2.0.RC3.jar spring-context-4.2.0.RC3.jar I know AD Selfservice plus runs Java 8 not Java 9, but all the same, could we get an updated version of this library
Granular permissions for technicians
We have multiple technicians who help our customers and if can we add more Granular permissions to technician roles so that instead of giving them "ADMIN" access we can give them limited access to enroll/edit individual users or bulk edit/enroll users
Feature Request : Backup cleanup task
This product unlike most of the others ME produces does not seem to have a cleanup task for old backups or a setting to set the number of days to keep. I would like to see this added to the product as it helps keep everything clean and automates the cleanup process.
Redirect to Enrolment
Hi, This may seem like a simple thing to achieve with forced enrolment but you know users. The only time many use the reset site is when their password has expired or they have locked it. We would direct the users to the URL (again) and they always
Change the Username field on the login portal
Hi, I would like it to be possible to change the username login field on the login page. This field shows now (according to browser inspect) a placeholder which is username in grey. This gets removed once you type a value in here. I would like to change
When only one option during forget password select immediately
Hi, I would like it if it was possible that, when going to "Forgot Password" and only having one option available you still have to select this in the dropdown menu. It would be better if then this one option was already selected. Kind regards, Daan
Edit MFA from Administrator login
Would it be possible to be able to give administrators access to remove MFA factors from a User Profile? Or, automatically remove the factors that don't apply to the new policy I'd move them to, with a warning beforehand of course. Here's my situation,
Option to choose OU and Group while configuring the Policy
Currently, while configuring the Policies we are able to see two options: OU and Group. By the current design, we have an "OR" between these two objects, so when we select one Group and one OU, the ADSS will get all the users inside the OU and all the
ADSSP Dashboard view doesn't display desired information
The ADSSP dashboard by default only shows the current month Audit Reports (i.e. Reset password, Unlock accounts, change password, etc) However, there is no option provided for the Admins to make it show the total usage of it in the entire year. It only
Mobile App vulnerability
Adding to the vulnerability reported in https://pitstop.manageengine.com/portal/en/community/topic/adssp-mobile-app-does-not-follow-the-mfa-for-reset-unlock The enabled setting: Self-Service > Multi-factor Authentication > MFA for Reset/Unlock > MFA for ADSelfService Plus Login When using Change Password on the Web-browser of a laptop/desktop, this brings an MFA option to go through which is good and needed. However, when performing Change Password from the mobile app, there is No MFA requested.
ADSSP cannot identify if user account is moved from one OU to another
ADSSP provides a good feature of Restricting user accounts that are in specific OUs. The schedule scan works fine. But there are situations, an account that was placed in the Restricted OU is moved to another OU which isn't set as restricted in ADSSP.
AD Self Service Plus MFA UAC elevation
Could a feature be added that enables a MFA prompt when UAC elevation is triggered? Here is an example of what DUO MFA does: https://help.duo.com/s/article/5806?language=en_US Thank you, Evan Tisher
Auto User Creation - API
Hello there! ADSS is able to auto create users (quick enrollment) with some options, but they are not really quick. So I've request for a feature to allow using some API/script to enroll users. In our environment, we use a script to create the user in
Password complexity by number of character types
A password requirement that specifies the number of character types, rather than the number of characters of a type, would be a nice addition. For example, if you specify that there must be 3 different character types, then "Password!" would be allowed
WAF Alerts for Excessive use of Special Characters
Hello, Recently we have ADSelfservice Plus tool published in an Azure Gateway and if the enable there the WAF the notice the following rules issues. Detects basic SQL authentication bypass attempts 2/3 o Matched Data: \":10,\"T found within ARGS:NAVIGATION_DETAILS:
Mobile App issue
When performing Reset Password or Unlock Account, if the ADSSP mobile app is kept opened prior to selecting & going ahead with TOTP verification and/or QR code verification, the Mobile Auth does NOT display an alert. This causes confusion to end users which ends up with several unwanted & unnecessary calls to IT team
MFA Recovery code
Hi ManageEngine Team, The MFA Recovery code which is made available to end-users after they have enrolled in ADSSP is a nice feature but needs a slight change, in my opinion. The MFA Recovery code is provided as an optional step for end-users to download
ADSSP Mobile app issue with verification methods
When Resetting password and/or unlocking account from the ADSSP mobile app, users get only 2 modes/option to verify themselves. 1. Verify using Security questions 2. Push notification verification. User has enrolled with Email, SMS, TOTP, QR code, Security & Push notification Why are Email verification, SMS verification, QR code & TOTP not made available when Resetting password or unlocking account from ADSSP mobile app?
GINA display customization
The GINA screen at the Windows login screen does not give a good look. It should provide & have the ability to display the default Web page you see when a user or Admin accesses the portal via Web browser or a Custom web rather than the dull black screen
ADSSP Admin portal missing logs for MFA Backup Codes generated by Admins
The ADSSP portal Build 6100 provides Admins to generate MFA Backup Codes for end-users but does not have any logs recorded which could help trace back to which Admins have generated this code for an end-user account This is very bizarre and not sure
Need to have ability to have multiple separate web pages for multiple domains added in ADSSP
Ability to have multiple separate web pages for multiple domains added in ADSSP. As not all functionalities are needed to be enabled for every domain, having 1 common webpage for all domain isn't an ideal solution. With separate webpages for each domain, only the needed options and functionality can be enabled without having users throw questions to the IT department
Expand offline codes to work for when mfa service is offline
We are using the MFA to authenticate logins on PC's with the PC client and it works great in the office environment. However we have some technicians who often work in offline areas regarding the internet and in those situations they cannot log in to
Single Sign-On Saml login
Hi, I would like to configure single sign-on to be able to start an external application. I have a question about this. Is it possible to open an application directly with a link in the browser, or does the application always have to be started via ADSelfServie
cached credentials for remote user's PC
Hello All, With the pandemic that enforce organizations to let their employees work from home, digitization played the most important role to facilitate organizations to achieve their goals. As a result, we have all touched the challenges and benefits from digitization, especially if the organization is not ready to adopt remote working or telecommuters. Thus, when it comes to access management, through reset password or unlock accounts the ADSelf service was very beneficial to reduce the cost and operation
Disable Endpoint MFA for certain workstations or OUs
Does AD SSP currently have the ability to restrict which computers or OUs endpoint MFA is enabled on? We currently have a subset of workstations that use a group password, a few different ones in fact that are restricted to certain group of computers. I would like to be able to exclude those systems from MFA while enabling it for the rest of our environment. Thanks, Kenny
Hide mobile number selection stage when one mobile number is set
Hi, I need to decrease stage of Password Reset. I want to hide mobile number selection stage. What should I do? Thanks for helping
Use another domain attribute instead of username for reset password
Hi, Sometimes our user forget username. I want to set another domain attribute (like Employee ID) instead of username. What should I do? Thanks for helping
Implement AD Account expiry date notification
Is it possible to add notification for AD accounts (not their passwords) that are going to expire? It would be nice to be able to automatically send notification to users whose account is going to expire let's say in 30 days.
Report on all domains
Hi, Is it possible to easily report on all domains rather than one-by-one? need to extract: Total number of enrolled users All time AD unlocks All time AD password reset Thanks, John
Background Colour varies behind the logo
Previously, I uploaded a PNG logo with a transparent background and it worked great. With a recent update the banner background colour changed to a dark grey and my logo looks like rubbish. I would update my logo to work with the darker background but the logon page has a light background - I don't have a logo that will work in both situations. This is from our logon page: And this is the same logo after logging in: I'd like to see the banner background colour consistent - and ideally customisable.
Google vs. Microsoft Authenticator
Is there any way to change the title of "Google Authenticator" to just say "Authenticator App"? I have tested this and both the Google and Microsoft Authenticator apps can be used interchangeably. Users already have authenticator apps on their phone and I would rather just present one option and let the user use the app currently on their phone. By putting the brand name in the option it will make some users think that they can only use one or the other. There are other authenticator apps out there
DEFECT: ADSelfService Plus SSL Tool does not accept multiple SAN names.
When using the SSL Tool to create a CSR I cannot enter multiple comma separated SAN names in the SAN Name input box. Doing so results in the error "SAN Name must start with a letter and end with a letter or digit. The remaining characters can be letters, digits, or hyphens." The SAN name input box should behave like log360's SSL tool and allow a comma separated list of SAN names, otherwise those of us who use internal CA's cannot add both servername.mydomain and servername to the certificate and
Integration of ADSelfService Plus with WhatsApp Gateway
Hello Team. Is there the possibility of connecting ADSelfService Plus with any Gateway WhatsApp service for sending verification codes to users (Multi-Factor Authentication)? Is it contemplated in the next versions of ADSelfService Plus? We currently have some clients that have the WhatsApp Gateway service for sending notifications via WhatsApp; and they ask us if we can send the verification code from the ADSelfService Plus console to the users' cell phones through the WhatsApp Gateway. Regards,