Feature Request - Password Sync Agent Status
Hi, I set up all the Password Sync Agents on the domain controllers but it looks like there is nothing in the portal to show the status of the agent. It would be very helpful if we could see the communication status of the agents on each DC and also set
Authenticator Mobile App - approve/deny from notification panel/lock screen + machine name
Can your development team look at adding Approve/Deny functionality directly from the lockscreen, similar to what Microsoft, Google, and Duo authenticator do? It will be much more useful than having to tap the notification or unlock the phone and open
QR Code Enrollment
Is it possible to send an enrollment notification e-mail that includes the Microsoft Authenticator QR code for that user? Or possible to generate the QR code ourselves and we can send email through other means. Thanks! Jeff
Implement MFA for Outlook client
My company sees the implementation of MFA for OWA/ECP as a very positive step, and I highly appreciate this initiative. However, MFA has not been enabled for the Outlook client yet. I suggest that the Admin add MFA feature for Outlook as well to enhance
Feature Request: Time Based MFA Authentication
Would be nice to have the ability to set a max length of time (such as 24hrs) a user can be authenticated for and after that they are prompted for MFA
Report/Audit on Policy or Configuration Changes to AD Self Service Plus
Hello! I am in need of a way to audit which admin makes changes to various features with the app. For example - when an admin adds prohibited words to our password policy. Is there a way to obtain this information?
Password Synch Agent health Status
Dear ADSelfServiceplus team For the love of god.. Please add the feature to review password agent health status installed on DC directly from portal instead of going to each DC and checking the health. Imagine if an organization has 15-20 DCs and we need
The issue of users continuously using tools to change passwords on the website
Hi Admin, Currently, the tech-savvy users in our company are using tools to exploit our website's Change Password feature to revert to old passwords. We have implemented a restriction disallowing the reuse of the last 10 passwords. However, users have
Testing/rescinding authorization
Is there a way we could test from the portal authentication? I.E. I authenticate just fine, my users are reporting problems with authentication, I make a change to fix the issue, but I can not currently test this change. Along the same lines as testing,
Feature Request : Backup cleanup task
This product unlike most of the others ME produces does not seem to have a cleanup task for old backups or a setting to set the number of days to keep. I would like to see this added to the product as it helps keep everything clean and automates the cleanup process.
Request add more method for support 2FA
1. Mobile Authenticator of ADselfservice or 3rd party 2. Multi-protocol security key such as yubikey by yubico | https://www.yubico.com/products/yubikey-hardware/ 3. FIDO2 for passwordless authnticate https://fidoalliance.org/fido2/ Thank you for build great app and great support.
Password complexity by number of character types
A password requirement that specifies the number of character types, rather than the number of characters of a type, would be a nice addition. For example, if you specify that there must be 3 different character types, then "Password!" would be allowed
Change the password through ADSelfservice to synchronize the new password to the laptop
When employees are outside the company and cannot access the company network (no VPN service, etc.) But the password expired due to the policy. He can change his password through ADSelfservice (web), but the password cannot be synchronized to his laptop
Microsoft Exchange Online as mail delivery system (OAuth 2.0)
Nowadays is very common to see organizations using Microsoft Exchange Online as their mail delivery system and I think ADSelfService Plus should be able to accept it as a valid email configuration setting. Right now the only option that the mail settings
Multiple MFA Providers for ENDPOINT VPN
Currently we can only select one method for endpoint VPN, i.e either Microsoft Authenticator or Google one or RSA etc. We want to give users privilege to be able to use any of the enabled MFA methods.
Admin activity logs feature/functionality missing in ADSSP portal
Since multiple Admins can be granted access to the ADSSP portal, it is imperative to have the ability to trace Admins activity for any kind of changes made to or in the ADSSP application. However, this feature/functionality is missing in previous builds
Integration of ADSelfService Plus with WhatsApp Gateway
I would like to know how to integrate WhatsApp with Adselfservice plus to send the code instead of SMS.
MFA authentication factors - default factor and mandatory factor
Hello, We would like to configure a default MFA authenticator factor (exemple : code send via email) the first time a user access the portal and after that a mandatory factor (exemple : OTP from an app or Yubikey), becasue we force a user to enroll a
Connect ADSelfService with Azure AD
Hi there, There is a way to connect directly to Azure AD without an OnPrem AD. I cannot connect ADSelf Service with Azure AD. If you have done this please share the steps. BR
Secure helpdesk user verification
The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. A much needed feature in
Spring4Shell in ADSelfservice Plus
Searching my \Lib folder today found the following files spring-beans-4.2.0.RC3.jar spring-core-4.2.0.RC3.jar spring-context-4.2.0.RC3.jar I know AD Selfservice plus runs Java 8 not java 9, but all the same, could we get a updated version of this library
Granular permissions for technicians
We have multiple technicians who help our customers and if can we add more Granular permissions to technician roles so that instead of giving them "ADMIN" access we can give them limited access to enroll/edit individual users or bulk edit/enroll users
Redirect to Enrolment
Hi, This may seem like a simple thing to achieve with forced enrolment but you know users. The only time many use the reset site is when their password has expired or they have locked it. We would direct the users to the URL (again) and they always
Change the Username field on the login portal
Hi, I would like it to be possible to change the username login field on the login page. This field shows now (according to browser inspect) a placehold which is username in grey. This gets removed once you type a value in here. I would like to change
When only one option during forget password select immediately
Hi, I would like it if it was possible that, when going to "Forgot Password" and only having one option available you still have to select this in the dropdown menu. It would be better if then this one option was already selected. Kind regards, Daan
Edit MFA from Administrator login
Would it be possible to be able to give administrators access to remove MFA factors from a User Profile? Or, automatically remove the factors that don't apply to the new policy I'd move them to, with a warning beforehand of course. Here's my situation,
Option to choose OU and Group while configuring the Policy
Currently, while configuring the Policies we are able to see two options: OU and Group. By the current design, we have an "OR" between these two objetcs, so when we select one Group and one OU, the ADSS will get all the users inside the OU and all the
ADSSP Dasboard view doesn't display desired information
The ADSSP dashboard by default only shows the current month Audit Reports (i.e. Reset password, Unlock accounts, change password, etc) However, there is no option provided for the Admins to make it show the total usage of it in the entire year. It only
Mobile App vulnerability
Adding to the vulnerability reported in https://pitstop.manageengine.com/portal/en/community/topic/adssp-mobile-app-does-not-follow-the-mfa-for-reset-unlock The enabled setting: Self-Service > Multi-factor Authentication > MFA for Reset/Unlock > MFA for ADSelfService Plus Login When using Change Password on the Web-browser of a laptop/desktop, this bring a MFA option to go through which is good and needed. However, when performing Change Password from the mobile app, there is No MFA requested..
ADSSP cannot identify if user account is moved from one OU to another
ADSSP provides a good feature of Restricting user accounts that are in specific OUs. The schedule scan works fine. But there are situations, an account that was placed in the Restricted OU is moved to another OU which isn't set as restricted in ADSSP.
AD Self Service Plus MFA UAC elevation
Could a feature be added the enables a MFA prompt when UAC elevation is triggered? Here is an example of what DUO MFA does: https://help.duo.com/s/article/5806?language=en_US Thank you, Evan Tisher
Auto User Creation - API
Hello there! ADSS is able to auto create users (quick enrollment) with some options, but they are not really quick. So I've request for a feature to allow using some API/script to enroll users. In our environment, we use a script to create the user in
WAF Alerts for Excesive use of Special Characters
Hello, Recently we have ADSelfservice Plus tool published in a Azure Gateway and if the enable there the WAF the notice the following rules issues. Detects basic SQL authentication bypass attempts 2/3 o Matched Data: \":10,\"T found within ARGS:NAVIGATION_DETAILS:
Mobile App issue
When performing Reset Password or Unlock Account, if the ADSSP mobile app is kept opened prior to selecting & going ahead with TOTP verification and/or QR code verification, the Mobile Auth does NOT display an alert. This causes confusion to end users which ends up with several unwanted & unnecessary calls to IT team
MFA Recovery code
Hi ManageEngine Team, The MFA Recovery code which is made available to end-users after they have enrolled in ADSSP is a nice feature but needs a slight change, in my opinion. The MFA Recovery code is provided as an optional step for end-users to download
ADSSP Mobile app issue with verification methods
When Resetting password and/or unlocking account from the ADSSP mobile app, users get only 2 modes/option to verify themselves.. 1. Verify using Security questions 2. Push notification verification. User has enrolled with Email, SMS, TOTP, QR code , Security & Push notification Why are Email verification, SMS verification, QR code & TOTP not made available when Resetting password or unlcoking account from ADSSP mobile app?
GINA display customization
The GINA screen at the Windows login screen does not give a good look. It should provide & have to ability to display the default Web page you see when a user or Admin accesses the portal via Web browser or a Custom web rather than the dull black screen
ADSSP Admin portal missing logs for MFA Backup Codes generated by Admins
The ADSSP portal Build 6100 provides Admins to generated MFA Backup Codes for end-users but does not have any logs recorded which could help trace back to which Admins have generated this code for an end-user account This is very bizarre and not sure
Need to have ability to have multiple separate web pages for multiple domains added in ADSSP
Ability to have multiple separate web pages for multiple domains added in ADSSP. As not all functionalities are needed to be enabled for every domain, having 1 common webpage for all domain isn't an ideal solution. With separate webpages for each domain, only the needed options and functionality can be enabled without have users throw question to the IT department
Expand offline codes to work for when mfa service is offline
We are using the MFA to authenticate logins on PC's with the PC client and it works great in the office environment. However we have some technicians who often work in offline areas regarding the internet and in those situations they cannot log in to
Next Page