Locking down the product for use externally
We've been using Self Service Plus for years now and are considering how to open it up for external users (not necessarily ona VPN, public access). Are there any KB articles we can reference? I've had a look through and can't find anything. Our problem is we have external vendor support users who have accounts in our system, but still need to reset passwords every x days. 1) Is opening this application (via a reverse proxy or the like) something that is supported or recommended? 2) Are there any
Missing Restrict Scheduler Rules
Anyone run into issues where newly created Restrict Schedule rule disappear after you create them? I just created a new Restrict Scheduler rule to run every morning restricting disabled/expired AD accounts but after saving the rule it doesn't show up on the Restrict Users Scheduler list.
second email address for users?
We use our ADSelf service product for managing passwords for our Windows server hosted rdweb applications. Our users are issued a windows username, but this is not used for actual email to the users, currently the hosted user domain account does not record the actual email address of the user. Because of this we can't use the email features in ADSelf Service. Is there a work around for this? Does anyone else have a similar setup?
ADSelfService Plus 5705 Released !!!
Hello folks! We are delighted to announce the release of 5705 build. With this build, ADSelfService Plus extends support to Linux machines, rolls out a few enhancements and issue fixes. Highlight: Login agent for Linux: Users can reset passwords and unlock accounts from the login prompt of their Linux machines. Enhancements Synchronize Active Directory password resets and changes across MS SQL and PostgreSQL accounts in real time. Ability to link user accounts for password synchronization using
Operator View all domains
Hi, I am trying to allow access to the admin console for our technicians (operator role) but they can only administer the domain their account exists on? How can I allow the operator role access to all domains akin to the super admin role? We also use ADAudit Plus and this allows to check box the required domains that the operator has access to, but I can't see this option in ADSelf-Service? Any help would be appreciated. Thanks
AD Self Service Plus as an Advertisement Engine
I have a concern with the fact that my local installation of AD Self Service Plus is being used to generate Webinar advertisements for ManageEngine's other solutions, in this case - AD360 the Integrated identity and access management (IAM) solution. I recently received an email from our helpdesk email address to our server admins address generated from ADSSP on our server advertising a webinar. I see this as an inappropriate use of the software and our server resources since I have purchased a license
Captcha Service - Screen Reader
Hi, We have identified an issue in our organisation relating to the Captcha functionality and users who are using screen reader software. The screen reader software being used does not work with the Captcha in its current state, would it be possible to add an audio option to play the captcha to those users and/or move to a service like ReCaptcha by Google: https://www.google.com/recaptcha/intro/v3.html I think they have a Open API to implement.. We wouldn't be keen on moving away from using the Captcha
How to configure TLS1.2
According to the release notes, the latest versions of ADSelfServicePlus support TLSv1.2. How is that configured?
AD SSP password notification bug (still...5 years later)
So we're using AD SSP 64-bit v5703. We having the same issue as reported in password expiry notification email. When we use the password notification, it works fine except when it sends a notification to a user on the day the user password expires. We're using the following HTML code with AD SSP macros: <p>Dear %displayName%,</p> <p>Your password will expire in %noOfDays% days on %dateTime%. You will need to change your password prior to this date/time to ensure uninterrupted access for your account.</p>(etc...etc..)
How to modify UI form Login and Page login
Hi, I want to modify UI form login and Login page. I saw tutorial in this post . But it's not everything that I need. I want modify more. I find file "DomainLogin.html" in "ManageEngine\ADSelfService Plus\webapps\adssp\html" .and get some code : <div id="LoginFrame" name="LoginFrame" objtype="LoginFrame" style="position: absolute; width: 325px; height: 205px; float: left; left: 571px; top: 76px; cursor: pointer;visibility:visible;;" class="whitetable ui-draggable dashedLineMOut"><div id="LoginFrame_txt"
Issue to execute Powershell Script into "Run Custom Script upon successful password reset / change."
Hi, I have a problem to execute Powershell into " Run Custom Script upon successful password reset / change. ". I have been execute VBS script with parameters and It worked correctly but the powershell not work correcty. The powershell Script is: powershell.exe PSWithParameters.ps1 %userName% %password%. PSWithParameters.ps1 is in the path. Thanks and regards, Gerardo Cortés
Self Reset Password not working
When a user tries to reset his password whitout the need of his old one, it does not work. Changing the password with the need of the old one does work.
ADSelfService Plus 5704 Released !!!
Hi, We are delighted to announce the release of 5704 build. With this build, you can enforce a disclaimer to limit the liabilities by specifying the rights of your organization. Feature: Ability to enforce custom user disclaimers: ADSelfService Plus now allows you to display custom disclaimers that users must accept before they can access the self-service portal. Enhancement: Password sync agent now supports TLS version 1.1 and 1.2. How to update? Update using service pack. New to ADSelfService
Password Reminder Notification has sending errors
I send email password expiration warnings every morning. Recently I have been getting error "432 4.3.2 STOREDRV.Storage; mailbox server is too busy; STOREDRV.Submisson.Exception:StorageTransientException.MapiExceptionRpcServerTooBusy; Failed to process message due to a transient exception with message Cannot open mailbox." randomly in my report. Has anyone else ran into this? I am using Office365 to send notification. Thanks,
SQL Server
Currently our databases are SQL SERVER 2012. That is getting old at this point We have the opportunity to migrate it to something current SQL SERVER 2014 or 2016 I was trying to find some info on the the website about supported versions, but I can’t find anything except that it is supported on MS SQL Anyway to find out what SQL SERVER versions are currently supported? Can it support High Availability?
Migrate from mysql to MSSQL and then attach to DB from new server?
I am working on moving ADSelfService to a new server and also a new database. Currently, I am running on a mysql database locally on same server as ADSelfService application. I'd like to run changeDB.bat to migrate the mysql database to my Microsoft SQL cluster. Then, after performing a successful migration, I'd like to build a new ADSelfService server and simply attach to that database up in the SQL cluster. Is this possible? If so, can you please provide commands?
ADSelfService Plus Fixes and Enhancements [2019]
Release Notes for build 5811 (Dec 28, 2019) Feature : Block breached passwords: ADSelfService Plus now supports integration with 'Have I Been Pwned?', which prevents the use of breached passwords during password change or reset by users. Release Notes for build 5810 (Dec 20, 2019) Issue Fixed: Issue in AltGr key usage in the GINA login agent when ADSelfService Plus' end-user portal is configured in non-english display settings. Release Notes for build 5809 (Dec 17, 2019) Enhancement: Option to resend
ADSelfService Plus 5703 Released !!!
Dear All, We are delighted to announce the release of 5703 build. This build rolls out a couple of new features along with some vulnerability fixes. Features: SAML-based single sign-on (SSO) via Line Works: ADSelfService Plus supports SSO via Line Works, which acts both as identity and service provider. Support for multi-factor authentication (MFA) via Line Works: ADSelfService Plus now supports MFA via Line Works, besides One Login and Okta, for user authentication during self-service password
How to setup connection when host ADSelfService outside office?
I have planned to setup ADSelfService Plus outside office by hosting in ISP data center, how to make connection between corporate AD and ADSelfService Plus. Thank you in advance for any suggestion.
Unable to get resources after doing url rewrite using IIS
I have accidentally posted under announcement but was unable to edit it. So any moderator who come across that post can remove it. Below is my current setup One point to know is the web server (aa.bb.cc) resides on a different server from ADSS+ I am able to access the login page normally using ADSS+ server ip My current configuration to access ADSS+ login page is as follows. Url: aa.bb.cc/password Rewrite url: http://<ADSS+ ip address>: 8888/showLogin.cc The login page can be shown but all the resources
Golden Image Install
Good Morning, Are there any steps that need to be taken when installing the ADSelfService GINA Agent to a golden image workstation that will be captured and copied for new workstations. I am primarily concerned with any issues that may be caused if the GINA agent assigns an ID to the machine when it gets installed, which would then be copied to all subsequent copied machines. Thank You, James Leitz
Application has not been installed properly
I am currently trialing AD SelfService Plus, with a view to purchasing for our organization. I have set up on the server and deployed the client software to one machine. The GINA configuration (from the server) has gone through fine, and I get a success message. Our server name is gct-dc01 and port is the default of 8888. On the client machine I can now see the "Reset/Unlock Account" link appearing but when clicking on it a white page appears (as though the client can't connect to the server?).
Introducing Weak Password Reporter Free Tool
The importance of using strong passwords for users’ end-point systems is critical to ensure the very survival of your organization as they could be easy gateways to access your organization’s mission critical data. Using strong passwords more of than not slows down, and even defeats the various attacks on users’ systems. For this very reason, IT administrators all around the globe continue to impress upon users the need for a strong password that contains a healthy mix of upper and lower case letters,
iOS/Android App Logon To Option & Push Notification Pop Up
In our environment we have 3 Domains configured and we have our users enter the Domain and Username in the following format when using AD Self Service Plus Domain\Username. No issue there but, on the iOS App it shows the Logon to option where as in the Android App it does not. Any particular reason why? Is there a way to make it standard for both? (see screenshots below) We would like the Logon To option to be hidden from the mobile app as well, as we have disabled the "Show 'Log on to' option
[Free Webinar] Secure Windows logons with two-factor authentication (2FA)
Social engineering attacks have increased and the advancements in these attacking techniques sure cause a concern about organization’s security. The easiest way to break into a network is by misusing a user’s identity. A strong password can also be compromised and we have to come to terms with password strengthening not being the only answer to protecting user accounts from these attacks. Join our product expert in this session to learn how to boost your organization’s security with an additional
ADSelfService Plus 5702 - Hotfix released !!!
Hi everyone, We're delighted to announce the release of ADSelfService Plus 5702 build. This build fixes several issues which include the following. Fixes: Issue of product crashing when the configured GINA Frame Text exceeded the character limit during translation. Issue which permitted users to close the password reset/account unlock window of the Windows logon agent is fixed. XSS vulnerability in the employee search, and the self-update layout. Issue in translating certain fields in the self-update
No Reports and new Technicians after switching Database?
Hello everyone, After switching the Database from one mysql to another mysql Database, we are no longer able to see auditreports or define new technicians. All we get is a message similiar to "No Reports available" and if we want to add a technician, we get a white Square, but the Users won't get listed. Is there any known way to fix this without reinstalling the tool? Thanks in advance - Dave
Change WebServer Port by Server
Hi Support team, Could you send me the procedure to change the webserver port by the server? I know to change it using the web console, however, the application is unavailable because of the port. Thank you.
ADSelfService Plus 5701 released with enhancements and issue fixes!
Hi everyone, The latest build of ADSelfService Plus rolls-out with enhanced mobile app deployment feature and couple other issue fixes. Enhancements: Trial mode: Test drive this feature by deploying the ADSelfService Plus iOS app for ten users’ mobile devices, with minimal configurations. Automated CSR signing from ManageEngine while configuring APNs. Schedulers to automate iOS app installation status. Fixes: An XML External Entity vulnerability that occurs while uploading product license is fixed.
[RESOLVED] ADSelfService Plus in a subdirectory from reverse proxy (nginx)
I have a website "example.org" and I want to add ADSelfService Plus to this website under "example.org/password". The problem I have is that I cannot make the configuration work. If I make it available from "example.org", everything works as it should. The moment I have it through "/password" I cannot log in or access any css files, only the indez page shows up. I have a rewrite url in IIS on the ADSS+ server so that it is avaible from http://serverip:80 Then I have the reverse proxy on another
Configure ADSelfServicePlus to use SQL server
Good day, For one my customers I'm trying to setup ADSelfServicePlus in a POC environment. The procedure for pointing the installation to SQL server (https://download.manageengine.com/products/self-service-password/configure-adselfservice-plus-with-mssql.pdf) is failing for me. When running changeb.bat I select MS SQL Server in the list box, I get a message I need to install the SQL native client first. But it's already installed. What is going wrong here? See attachment with screenshot. Thank you
Restrict Profile by IP Address
Is there a way in AD Self Service Plus to setup a profile with an IP address filter? We want to allow domain admins to unlock/reset their passwords but only from within the LAN and not from the WAN. So we would have 2 profiles, one that points to the regular users OU that is usable from any IP address and another profile that points to the OU containing admins that is only usable from the LAN ip addresses. Much like you can restrict the Admin login page by ip address/range.
Servicenow Single sign on integration
Hello, I have a problem with setting up of SSO for Servicenow via ADSelfService Plus. I went through the documentation on page https://www.manageengine.com/products/self-service-password/step-by-step-guide-for-servicenow-single-sign-on.html but when I am trying to use external login to ServiceNow using the email address am forwarded to ADSelfService Plus which is showing me error message Sorry ! You are not authorized to view the contents of this file. Back | Sign Out Do you have an idea what can
HTML-formatting
Greetings, I've built a HTML-formatted email that i've pasted into the admin console, but when I send it, it just sends as plain text. I've tested the emailtemplate in a browser and there it looks correct, and formats correctly. In earlier builds of ADSelfService you had to activate the HTML-function, if that's the problem with the new release, where do I find that option? Thank you in advance! B/R Filip
Support for multiple domains - aggregated stats
Hello all, We have 2 domains registered in ADSS. What we found was that you have to log in with a user from each domain to see only stats for that particular domain. There is no aggregated view of both domains that we can see in ADSS. Can you assist or guide us in the right direction? Regards, Stephan Terblanche
Can't chnage password
When ever I try to change password, it fails complaining about password policy/complexity. I've met the complexity requirements, but fails. What I've tried: 1. Set adselfserve service to admin account 2. Set domain auth account to admin account 3. Set domain password settings to no complexity and mim password age to 4 days 4. Enabled LDAPS on selfserve settings Nothing has worked. Details: latest version of AD Self serve Windows 2016 with latest patches AD self server installed directly on DC
ADSelfService Plus 5700 released with enhancements!
Hello Everyone! The latest build of ADSelfService Plus supports the updated version of JRE, Apache Tomcat server and PostgreSQL server, for improved security. Enhancements: JRE bundled with ADSelfService Plus is updated to version 1.8.0.162. Apache Tomcat server bundled with ADSelfService Plus is updated to version 8.5.32. PostgreSQL server bundled with ADSelfService Plus is updated to version 9.4.14. How to update? Update using service pack. New to ADSelfService Plus? Download the latest version
Change Port No.
Hi, I created a server and called it 'SelfService' and the default port was 8888 so now when you browse to the URL it is http://selfservice:8888. Is there any way to change this so that it is http://selfservice ?
Security hardening
Hi - my installing will be subject to pen testing so I am looking for information regarding hardening of ADSelfService Plus. I've done the usual stuff from the Admin portal but am now looking at the CIS tomcat benchmark has anyone had ADSelfService Plus benchmarked? Does anyone have anything they can share on - e.g. I'd like to use SecurityManager but worry about breaking things - does anyone have a proven policy file?
Self Service Portal session expires while resetting the password
Hello everyone, Greetings!!! While resetting the password the portal session expires if the password is not matching the complexity. I have already enabled this option "Allow users to retry reset without going through ID verification again". But still it fails and shows the attached error, users have to relogin for trying again. Any help will be greatly appreciated. Thanks, Kottees
Next Page