Language MFA Offline
Currently, I don't see the feature to modify the language for MFA Offline. I think this is a great idea to optimize the language for users. I sincerely hope this will be implemented as an essential feature for you to develop
Kerberos authentication support.
Dear ManageEngine Team, We recently started utilizing Protected Users for a select group of privileged accounts (as outlined by Microsoft here). However, we have observed that these users are unable to log in to AD Self Service Plus to reset their passwords.
Machine MFA Prompts
Hi, Would it be possible to skip the first couple of windows that appear when using MFA at Windows login? For example, at the moment the user enters their normal Windows password and then prompt saying they need to use a security key, they click continue
Custom message to users
Right now for users who have not passed onboarding, when trying to authorize, both Cisco AnyConnect and Exchange return an error that the username or password is incorrect. Create a custom message if the user fails onboarding and attempts to authorize,
Sound in iPhone Notification
Greetings, Currently there is no sound (alert) when a notification arrives in iPhone devices. Kindly consider implementing this feature. Best regards, Theo
Feature Request - Password Sync Agent Status
Hi, I set up all the Password Sync Agents on the domain controllers but it looks like there is nothing in the portal to show the status of the agent. It would be very helpful if we could see the communication status of the agents on each DC and also set
Adding ID Verification Type Column
I would like to request from development team, if possible, to add ID Verification Type Column under User Attempts Audit Report page so that if users are enrolled by multiple authentication type, administrators can keep track and also troubleshoot the
Authenticator Mobile App - approve/deny from notification panel/lock screen + machine name
Can your development team look at adding Approve/Deny functionality directly from the lockscreen, similar to what Microsoft, Google, and Duo authenticator do? It will be much more useful than having to tap the notification or unlock the phone and open
Implement MFA for Outlook client
My company sees the implementation of MFA for OWA/ECP as a very positive step, and I highly appreciate this initiative. However, MFA has not been enabled for the Outlook client yet. I suggest that the Admin add MFA feature for Outlook as well to enhance
Testing/rescinding authorization
Is there a way we could test from the portal authentication? I.E. I authenticate just fine, my users are reporting problems with authentication, I make a change to fix the issue, but I can not currently test this change. Along the same lines as testing,
Request add more method for support 2FA
1. Mobile Authenticator of ADselfservice or 3rd party 2. Multi-protocol security key such as yubikey by yubico | https://www.yubico.com/products/yubikey-hardware/ 3. FIDO2 for passwordless authentication https://fidoalliance.org/fido2/ Thank you for building a great app and great support.
Password complexity by number of character types
A password requirement that specifies the number of character types, rather than the number of characters of a type, would be a nice addition. For example, if you specify that there must be 3 different character types, then "Password!" would be allowed
Change the password through ADSelfservice to synchronize the new password to the laptop
When employees are outside the company and cannot access the company network (no VPN service, etc.) But the password expired due to the policy. He can change his password through ADSelfservice (web), but the password cannot be synchronized to his laptop
Microsoft Exchange Online as mail delivery system (OAuth 2.0)
Nowadays it is very common to see organizations using Microsoft Exchange Online as their mail delivery system and I think ADSelfService Plus should be able to accept it as a valid email configuration setting. Right now the only option that the mail settings
Multiple MFA Providers for ENDPOINT VPN
Currently we can only select one method for endpoint VPN, i.e either Microsoft Authenticator or Google one or RSA etc. We want to give users privilege to be able to use any of the enabled MFA methods.
[Tips & Tricks] Blacklist passwords using ADSelfService Plus
With the rise in number of enterprise applications, it can be relatively easy for users to fall into the habit of using passwords like ‘Password@123’. This password complies with several password hardening measures and satisfies the Windows Active Directory password complexity requirements as well. However, it can be easily cracked by means of a dictionary attack. ADSelfService Plus secures passwords from sophisticated password attacks by disallowing users from using commonly used passwords, patterns,
MFA authentication factors - default factor and mandatory factor
Hello, We would like to configure a default MFA authenticator factor (example: code sent via email) the first time a user accesses the portal and after that a mandatory factor (example: OTP from an app or Yubikey), because we force a user to enroll a
Secure helpdesk user verification
The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. A much needed feature in
Granular permissions for technicians
We have multiple technicians who help our customers and if can we add more Granular permissions to technician roles so that instead of giving them "ADMIN" access we can give them limited access to enroll/edit individual users or bulk edit/enroll users
Redirect to Enrolment
Hi, This may seem like a simple thing to achieve with forced enrolment but you know users. The only time many use the reset site is when their password has expired or they have locked it. We would direct the users to the URL (again) and they always
Change the Username field on the login portal
Hi, I would like it to be possible to change the username login field on the login page. This field now shows (according to browser inspect) a placeholder which is username in grey. This gets removed once you type a value in here. I would like to change
When only one option during forget password select immediately
Hi, I would like it if it was possible that, when going to "Forgot Password" and only having one option available you still have to select this in the dropdown menu. It would be better if then this one option was already selected. Kind regards, Daan
[Tips & Tricks] How to synchronize the passwords of Oracle Database accounts with Active Directory using ADSelfService Plus?
Two weeks ago, we saw how ADSelfService Plus facilitated password synchronization between Zendesk and Active Directory. This week, let’s learn how to integrate Oracle Database with Active Directory for password synchronization using ADSelfService Plus. With ADSelfService Plus’ Real-time Password Synchronizer, update the password of users' Oracle Database account when their AD password is changed or reset. Thus the solution helps to reduce password related issues by ensuring that users have only
Option to choose OU and Group while configuring the Policy
Currently, while configuring the Policies we are able to see two options: OU and Group. By the current design, we have an "OR" between these two objects, so when we select one Group and one OU, the ADSS will get all the users inside the OU and all the
AD Self Service Plus MFA UAC elevation
Could a feature be added that enables an MFA prompt when UAC elevation is triggered? Here is an example of what DUO MFA does: https://help.duo.com/s/article/5806?language=en_US Thank you, Evan Tisher
Auto User Creation - API
Hello there! ADSS is able to auto create users (quick enrollment) with some options, but they are not really quick. So I have a request for a feature to allow using some API/script to enroll users. In our environment, we use a script to create the user in
GINA display customization
The GINA screen at the Windows login screen does not give a good look. It should provide and have the ability to display the default Web page you see when a user or Admin accesses the portal via Web browser or a Custom web rather than the dull black screen
Expand offline codes to work for when mfa service is offline
We are using the MFA to authenticate logins on PC's with the PC client and it works great in the office environment. However we have some technicians who often work in offline areas regarding the internet and in those situations they cannot log in to
Radius MFA
Has anybody had issues connecting ADSelfService Plus to OpenRadius? I am asking as OpenRadius has a LinOPT connector which would then connect to a Feitian OTP c200 hardware token. In theory when a user logs on AD SelfService Plus will request a MFA challenge,
cached credentials for remote user's PC
Hello All, With the pandemic that enforced organizations to let their employees work from home, digitization played the most important role to facilitate organizations to achieve their goals. As a result, we have all touched the challenges and benefits from digitization, especially if the organization is not ready to adopt remote working or telecommuters. Thus, when it comes to access management, through reset password or unlock accounts the ADSelf service was very beneficial to reduce the cost and operation
Delete Registered User in AD Self Service
How to delete a registered user in AD Self Service Plus?
Breaking Active Directory passwords with brute-force
With the exponential rise in the number of enterprise applications, users tend to fall into the habit of using weak passwords to secure their accounts. Hackers use this to their advantage by targeting user accounts with sophisticated credential-based attacks like brute force. After all, hackers only need one set of valid credentials to gain access to the organization’s network and cause havoc. Wouldn't it be great if you could protect your business from cyberattacks by ensuring that users create
Implement AD Account expiry date notification
Is it possible to add notification for AD accounts (not their passwords) that are going to expire? It would be nice to be able to automatically send notification to users whose account is going to expire let's say in 30 days.
Do you use PowerShell scripts to notify users of password expiration via email?
Most IT admins use PowerShell scripts to send password expiration notifications to users' email addresses configured in Active Directory. However, if admins want to send or schedule multiple email notifications, PowerShell scripts might be of little help. ADSelfService Plus' Password Expiration Notifier, on the other hand, enables IT admins to set up a scheduler to send phased SMS and email alerts to users from an easy to use interface. It can also send email alerts for soon-to-expire accounts as
[Tips & Tricks] How to enable SAML-based SSO for ADSelfService Plus using OneLogin?
Last week we saw how ADSelfService Plus facilitated SSO for its web console through Okta. This week let’s learn how to set up one click access to ADSelfService Plus’ console through OneLogin. If SSO is enabled, whenever a user attempts to log on to ADSelfService Plus’ web console, OneLogin will authenticate the request and grant access to the ADSelfService Plus portal. When a user is already logged in to OneLogin and tries to access ADSelfService Plus, the user will be granted access automatically.
[Tips & Tricks] How to enable SAML-based SSO for ADSelfService Plus using Okta?
If your organization uses SAML-based identity provider (IdP) applications such as Okta, you can enable one click access (SSO) to ADSelfService Plus' web console. Once SSO is enabled, whenever a user attempts to log on to ADSelfService Plus’ web console, Okta will authenticate the request and grant access to the ADSelfService Plus portal. If a user is already logged in to Okta and tries to access ADSelfService Plus, the user will be granted access automatically. Prerequisite If you do not find ADSelfService
[Tips & Tricks] Bulk disenrollment of users in ADSelfService Plus
ADSelfService Plus offers administrators the convenience of performing bulk disenrollment of users. This feature allows them to manage user’s licenses effectively and also not be pushed to the extent of disenrolling users one at a time. Administrators can choose between the following two options to perform bulk disenrollment. Select multiple users from Enrollment Reports. Import users from a CSV file. Method 1: Select multiple users from Enrollment Reports. Log into ADSelfService Plus as an
[Tips & Tricks] Updating cached credentials by configuring custom VPN providers in ADSelfService Plus.
ADSelfService Plus can automatically update the locally cached credentials in remote users’ machines as and when they reset their passwords. To update cached credentials, ADSelfService Plus requires the Windows logon agent, bundled with the product, and a command line VPN client to be installed in the users' machines. It supports these VPN clients: Fortinet, Cisco IPSec, Cisco AnyConnect, Windows Native VPN, SonicWall NetExtender, Checkpoint EndPoint Connect, and SonicWall Global VPN. You can also
[Tips & Tricks] Configuring high availability in ADSelfService Plus
ADSelfService Plus utilises automated failover to support high availability in case of system and product failures. Essentially, this means that when the ADSelfService Plus service fails on one machine, another instance of ADSelfService Plus running on another machine automatically takes over. Before configuring high availability in ADSelfService Plus, make sure that the following conditions are satisfied. Condition 1: Download and install ADSelfService Plus in two separate machines. If you already