Restrict Profile by IP Address
Is there a way in AD Self Service Plus to setup a profile with an IP address filter? We want to allow domain admins to unlock/reset their passwords but only from within the LAN and not from the WAN. So we would have 2 profiles, one that points to the regular users OU that is usable from any IP address and another profile that points to the OU containing admins that is only usable from the LAN ip addresses. Much like you can restrict the Admin login page by ip address/range.
Servicenow Single sign on integration
Hello, I have a problem with setting up of SSO for Servicenow via ADSelfService Plus. I went through the documentation on page https://www.manageengine.com/products/self-service-password/step-by-step-guide-for-servicenow-single-sign-on.html but when I am trying to use external login to ServiceNow using the email address am forwarded to ADSelfService Plus which is showing me error message Sorry ! You are not authorized to view the contents of this file. Back | Sign Out Do you have an idea what can
HTML-formatting
Greetings, I've built a HTML-formatted email that i've pasted into the admin console, but when I send it, it just sends as plain text. I've tested the emailtemplate in a browser and there it looks correct, and formats correctly. In earlier builds of ADSelfService you had to activate the HTML-function, if that's the problem with the new release, where do I find that option? Thank you in advance! B/R Filip
Change Port No.
Hi, I created a server and called it 'SelfService' and the default port was 8888 so now when you browse to the URL it is http://selfservice:8888. Is there any way to change this so that it is http://selfservice ?
Security hardening
Hi - my installing will be subject to pen testing so I am looking for information regarding hardening of ADSelfService Plus. I've done the usual stuff from the Admin portal but am now looking at the CIS tomcat benchmark has anyone had ADSelfService Plus benchmarked? Does anyone have anything they can share on - e.g. I'd like to use SecurityManager but worry about breaking things - does anyone have a proven policy file?
Limit "Search Employee" and "Organization Chart" results
Is there a way of limiting the above searched to a specific OU or a custom LDAP Filter? Also, is it possible to remove the "[Change]" link after the " Organization Chart for Domain"? Thanks Bob
ADSelfService Plus & Symantec VIP for MFA
Has anyone successfully integrated ADSelfService Plus with Symantec VIP for multi-factor user authentication during "forgot my password" and "unlock account" actions? If yes, can you share details how did you perform the integration?
ADSelfService Plus - Redirect HTTP to HTTPS
Hello - We're running v5.5, build 5521. We've successfully enabled SSL to port 443. So, accessing https://ad.mydomain.com takes users to the SSL enabled version of the login page. The way I understood it, once SSL was enabled, any HTTP requests should automatically forward to HTTPS. But, that doesn't seem to be the case for us. If a user enters either ad.mydomain.com or http://ad.mydomain.com, it takes them to a non-secure version of the site. In server.xml, the line begining <Connector URIEncoding...
Mobile - Password Reset Screen Customization
Does anyone know a way (or the correct way) to customize the Password Reset screen on the mobile app? We're wanting to include a line for password restrictions (like - Use 3 of 4 items listed: Upper, Lower, Number, Special characters). Thanks for any thoughts or workarounds/hacks.
Mobile Access
Hi, Could you please advise what the difference is between 'Mobile site access' and 'Mobile app access' (as per attached screenshot)?
Force Enrollment Screen
When users are forced to enroll, they are presented with the ADSelfService Plus login screen. Once they enter their AD credentials to enroll they are sent to the Change Password screen and a popup window appears "Thanks for enrolling into ADSSP" "Click Yes to explore Self-Service options or No to quit." Most of our users get confused by this prompt or don't even read it and just click "Yes" and then proceed to change their password because they believe it's required for the enrollment. Is there a
Automated email to Non-Enrolled Users?
We have a number of Non-Enrolled users, is there an automated way to send an email to all these users with the standard template? The workaround would be to download these users and manually email, but an automated process would help ... Does anyone know if this is possible ? Thanks
ADSelfService Plus 5513 released with additional features and enhancements
We have released a new version of ADSelfservice Plus-5513.This release the following features and enhancements. Features: Custom SAML applications: Any application that supports SAML 2.0 protocol for authentication can now be integrated for SSO. Custom VPN providers: Updating of cached credentials through any VPN providers that allow command line arguments to establish VPN connections is now supported Enhancements: SAML SSO support for Shufflrr and ADP. Option to exclude TFA for service provider(SP)
Amsterdam, are you ready? ManageEngine's GDPR & IT Security Seminar is headed your way.
Hi, Come May 25, the GDPR will be in force and your organization must walk the talk on cybersecurity. Are you up for the challenge? ManageEngine invites you to be a part of its new initiative, the GDPR & IT Security Seminar in Amsterdam. Attend this seminar to hear what Derek Melber, Active Directory MVP, has to say about fortifying your IT infrastructure and being GDPR-ready. Date: Feb 13, 2018 Venue: Hotel Novotel, Amsterdam Reserve Your Spot This seminar will be
ManageEngine's GDPR & IT Security Seminar in London - Register Now
Hi, How strong is your cybersecurity strategy? Implementing better cybersecurity tactics and meeting the GDPR mandates can help improve overall security and restrict access to personal data. ManageEngine ADSolutions team invites you to attend the free seminar on "GDPR & Cyber Security" in London. Derek Melber, Active Directory MVP, will unravel the mystery surrounding the GDPR and help you lay out your organization's security roadmap in tune with the new mandate. There will also be sessions that focus
MSGINA on Windows 10 1709
It doesn't appear to be working. I don't get a reset/unlock link on the login page. Tested on two different 1709 installs. Works fine on Windows 7 and will be testing on a 1706 installation, which is what MOST of our installs are.
Password synchronization between ADSelfservice and Ellucian luminis
I am looking for password synchronization between ADSelfservice and Ellucian luminis Ellucian luminis uses LDAP Unfortunately I am not able to configure in ADselfservice using open LDAP Kindly advice
AdSelfService Personalize Security Question
Hi, I have a question. I can configure a personalized security questions in the enrollment process?
Edit mobile/app login page
Can i remove "account unlock" from the mobile frontpage?
Ports needed from DMZ to LAN on firewall
What ports must be open from a DMZ to LAN for ADSSP to operate?
Citrix Web Interface
I would like to tie in my ADSelfService with Citrix, when I select the Citrix Web Interface provider under Administrative Tools it just directs me to a marketing web page. Is there any documentation on how to tie it into Citrix?
Problem with GSM Modem
Hi, I have a problem with GSM Modem. Every 10-15 minuets when I try to send test SMS message I see error "SMS Sending failed because of Invalid Modem gateway". When I connect to modem via hyper terminal or SiMoCo modem works fine. How I can resolve this issue? Regards, Anton
Can I use "Disallow the use of these patterns" to block single characters?
Hi, We've found that when user's have some characters in their password (@, ?, or /) they cause issues logging into one of our third party applications that verifies against the users' AD credentials. It doesn't look like the "Disallow the use of these patterns" feature is designed to prevent users having certain single characters in their passwords but, in my brief testing, it seems to work fine. Are there any issues I should be aware of? Obviously I'll need to ensure that the custom rules I configure
Second e-mail
Hello, Our users have custom AD attribute with alternate e-mail address. In new release I can't find how to add this custom attribute to password reset page. I see only "Email ID". How I can add alternate e-mail address to password reset page? Regards, Anton
Service Account Permission
I was reading through the documentation and it is a little vague on the permissions required and eludes to needing Domain Admin. Would it be instead possible to delegate password reset for the account in question to lock down? Is there a security best practice for this?
Reset password option doesn't work using any form of two-factor authentication?
Hello. We're getting ready to deploy ADSSP to our entire company in order to use the unlock account and password reset features. We're looking to secure the user login process by using TFA, specifically in our case RADIUS or Duo but we're running into an issue with the reset password tool using any form of TFA. The account unlock feature works fine, users receive the prompt on their phone such as with Duo that then allows them to authentication. Where we are running into a problem is using the
Domain Policy Vs GPO Policy
We are having issues with ADSelfService Plus not reading the GPO policy rather it is reading domain policy. I don't understand why this started happening. Even after using the Domain level policy it still outputs an error message that we haven't satisfied the password criteria. This is really annoying, please advice what the issue could be or ask questions so I can provide you how the configurations is. FYI - I've reached out to manage engine and they were unfortunately NO help.
Duplicate Installs
We have had Password Reset up and running for over a year. Just this past month, a remote site that has it's own forest came under our management. They want to have Password Reset set up in their environment set up exactly like our - right down to the customized bitmap. Is there an easy way of duplicating the customizing we've done on our setup on their server or are we going to have to sit down and open up screen by screen and copy the settings that way? Thank you, Jamie
paasword reset tool
In active directory my account shows as locked but on my desktop my account is not showing as locked when I tried to use the password tool to unlock my account it shows as my account is not locked
Solved: Users locked out of Gmail after failed password reset
/long rant incoming We rolled out AD SSPlus to our campus(about 16k total users) and all seemed to be going well for the most part. However, we started getting calls that some users were unable to get into their email accounts AFTER they tried to reset their password, but they were able to log in to any site that used Active Directory authentication. This was very strange to hear and I will explain why. We use Google Business for our email, and we utilize Google Apps Password Synchronizer (GAPS)
Password change timer
dear team I have issue with change password when I changed the old password still work in change portal in 5 mint then stop how I can make invalid use immediately?
ADSelfServicePlus VPN Configurations
Can this feature be enabled for remote users to then prompt for Token credentials each time before allowing use of the tool when off the network?
ADDSelfservice Account lock out
I tried locking my account by entering the wrong password several times. My account shows has been locked in active directory but in ADDSelfservice my account is not locked
This page can’t be displayed when trying to Access the AD Password Self Service Tool
After deploying the GINA/Mac installation some devices go to a "Page can't be displayed" where others connect to the tool fine and allow users to unlock/reset
Default Login Page
Once a User signs in to the Portal it defaults them to the "Change password" Screen. How can i set this to default to the "Enrollment" Screen? I do have the Self Update option turned off so it forces Change Password as the next default page.....
Error when user attempts to change a password
Running ADSelfService Plus, 5330, on an EC2 instance in Amazon Web Services. Using their managed Active Directory service. Most users have no problem changing their password but one user has issues and we see the following in the log file:Change Password Failed,hr:800704f1 Not sure what is going on here. Any insights?
Users getting locked out after 1 failed attempt.
We are creating users in our AD and providing an initial login and password. They are then required to login to AD self service plus to enroll and change their password. User accounts are getting locked after one failed password. AD is set to 3 failed attempts, and the users do not have anything else connected since this their first time logging in. Please help.
Incorrect URL for mobile phones
Hi, I have a trouble. When user try to reset password from mobile phone he can't do it. On last step he see "Sorry,the page you requested was not found". I think problem in URL https://ADSSP/m/authorization.do. What i need to do to resolve this issue? Regards, Anton
Issues with iPhone App
Through the website everything works as well as with the android app. Using the Iphone app I hit "Account Unlock" and enter my Username with Domain Domain\username and get "invalid loginname or you are required to enroll to use this service" As I said: With the android app or the websites it works perfectly. Any idea?
Implement SSL certificate from internal Microsoft 2012 CA
I am trying to setup ADSelfService Plus to use HTTPS and we are using an internal certificate (Windows 2012) CA, I have reviewed the documentation around setting up SSL but the documentation mainly refers to external CA partners is there a document or guide I am missing that has the detailed steps required to set this up at all as at the moment I can't get the solution to work using SSL. Thanks in advance.
Next Page