ADSelfService Plus now extends MFA and Password Policy features to product technicians
Hello everyone, We are glad to announce the release of ADSelfService Plus' latest build, 6204, with the following enhancement and issue fixes. Enhancement: The MFA and Password Policy Enforcer features have now been extended to technicians who use
Auto-Enrollment Issues
I have set up AD to export our user OUs to a csv daily and trying to configure auto-enrollment to run daily using that csv. I'm getting the "invalid header" error if I try to run an import from that file location If I save that export to my computer and
Connect ADSelfService with Azure AD
Hi there, There is a way to connect directly to Azure AD without an OnPrem AD. I cannot connect ADSelf Service with Azure AD. If you have done this please share the steps. BR
Disable / Hide Applications Tab in ADSelfService Plus User View
Hi Guys, Need your help, how can i disable / hide Applications Tab in ADSelfService Plus User View?
Primary and alternative method
Hello everyone. I would like to ask if there is a way to set up a primary method to authenticate (eg. always use push notification) but when not available the user could click a link on the authentication page and select an alternative method. Thanks
ADSelfService Plus' latest build 6203 now released with an important security issue fix
Hey everyone, This is to announce the release of ADSelfService Plus' latest build, 6203, with the following issue fix. Issue fixed: A denial-of-service attack issue (CVE-2022-34829) in the ADSelfService Plus Mobile App Deployment API has now been fixed.
ADSelfService Plus' latest build 6200 released!
Hello everyone, This is to announce the release of ADSelfService Plus' latest build, 6200, with some issue fixes. Issues fixed: The communication between the Password Sync Agent and the ADSelfService Plus server has now been secured with the inclusion
Reset Admin portal but it doesnt work
We're using the free version of ADSelfService Plus to send out password expiration reminder emails. I changed the default admin password but when I do, the new password doesn't take effect nor does the old one work. Any suggestions on a fix?
adminLogin.cc not working
Using Chrome. When trying to administrate ADSelfService Plus with AD SSO enabled, I usually go to https://<domain>:9251/adminLogin.cc However, since updating to 6200, when I go to that address, I get the screen that says "ManageEngine ADSelfService Plus
Password Sync agent needs .net framework 2.0 and 3.5 to work. Both these have a CVE.
The article (https://www.manageengine.com/products/self-service-password/help/admin-guide/Application/sync/password-sync-agent-native-password-reset.html) says Domain controller should have Microsoft .NET Framework 2.0 or 3.5 for password sync agent
ADSelfService Plus Fixes and Enhancements [2022]
Release Notes for build 6212 (Nov 14, 2022) Feature: Hardware TOTP token support: Hardware tokens such as Protectimus hardware TOTP token and Deepnet Security hardware token can now be configured as a custom TOTP authenticator for identity verification.
MFA for Endopoint not working on unlock
I have MFA for endpoint setup on our servers and when logging in it functions without issue. But when a server is locked and then unlocked it does not prompt for MFA and lets the user right in. Is this expected behavior? If not what needs to be changed
OWA integration installation problem
1. I installed version 6.1 Build 6123 on Exchange 2019 CU12 on Server 2019 2. I downloaded the android app and was able to enroll the user 3. I verified I could log in to OWA. I got the forms login page, and entered a username/password. This worked 4.
Can enrollment be moderated
Hello: We are currently testing ADSelfService Plus for our company and like it quite a bit. We are wondering however if there is a way to moderate the enrollment process? We would like all enrollments to be approved by the technicians of the appl
OpenLDAP password synchronization for users with polish charset
Hello, I have problem with synchronizing password change to OpenLDAP for users with polish charset in CN ex: „cn=Adam Łącki,ou=Work,ou=Users,ou=PR,ou=ODD,dc=domain,dc=local” When I change password for this usser in AD DS, ADSelfService Plus is detecting
owa installation
I installed version 6.1 Build 6123 on Exchange 2019 CU12 on Server 2019 I manually added the inbound firewall rule for the admin portal (as it could not work without this) I was blocked initially by Configuration:MFA:MFA for endpoints requiring HTTPS
Reset Admin Login Requirements
Hello there, I'm currently trying to repair a very broken, old, and undocumented test environment for ADSelfService Plus. When trying to access the admin logon (via /adminLogin.cc), we get the following, even locally on the server it's installed on..
Using VPN to update cached credentials ADSelfService Plus
Can someone explain to me how the VPN works with this. I have entered the VPN Settings for our NetExtender. I am just curious how this works since it is not asking for any credentials to log into the VPN. Our VPN credentials are tied to our AD usernames/passwords so just a little confused on this part of the setup. Thanks,
Secure helpdesk user verification
The helpdesk is a popular target for hackers. The most popular tactic used is social engineering. While social engineering is likely when using security questions, it is much less common if multi-factor authentication is used. A much needed feature in
GINA 2FA prompt everytime
We are getting ready to roll out this product. When I install the GINA client on my laptop, it works fine. But it is prompting me for answers to my enrollment questions on every single unlock or login. I don't want it to do that, I want it to just be
ADSelfService Plus and log4j (CVE-2021-44228)
Hi, Is the latest version of ADSelfService is vulnerable to the recent log4j vulnerability? Looking at the library files I can see both log4j 1.2.8 and 1.2.15. I really think that the home page should direct us to a status page regarding this issue. Some
Spring4Shell in ADSelfservice Plus
Searching my \Lib folder today found the following files spring-beans-4.2.0.RC3.jar spring-core-4.2.0.RC3.jar spring-context-4.2.0.RC3.jar I know AD Selfservice plus runs Java 8 not java 9, but all the same, could we get a updated version of this library
Updating Cached Credential Over VPN (Cisco Anyconnect)
Hello, I am unable to get the system to update the cached credential over vpn after password reset. I previously had a support case with manageengine regarding this, which was resolved, but I have since then lost the settings. I believe the resolution
Challenge Questions Confirmation Needed
Can we please get the feature added prompting users to confirm their response questions? As it stands now users can incorrectly type their response questions and then not be able to unlock their account or reset their passwords. We cannot even deploy this app until this happens. This should be very easy to do with a hotfix. Please provide an ETA. Regards, e-
ADSelfService Plus' latest build 6123 released with some security issue fixes
Hello everyone, This is to announce the release of ADSelfService Plus' new build 6123 which fixes the following security vulnerabilities. Issues fixed: A security vulnerability which exposed admin credentials if the ADSelfService Plus server access was
Attackers Gaining Administrative Access to Zoho ManageEngine ADSelfService Plus Instances
FYI anyone with internet facing selfservice should act quick Rapid7 reporting Attackers Gaining Administrative Access to Zoho ManageEngine ADSelfService Plus Instances Rapid7 Managed Detection and Response (MDR) recently observed several incidents in
Changelog for GINA/Mac/Linux Login Tool (5.9 update)?
Is there a changelog for the recent 5.9 update to the GINA/Mac/Linux login tool?
Some users can can use old passwords and some not??
Hello... We have Windows Server 2012 R2, where we have a server named AD-1 and is the primary so to speak and AD-2 is the secondary, meaning only AD-1 can send out the changes. We are using ADself service Plus. Not sure where to look to get the version
Your account is not configured for Multi-Factor Authentication. Please contact your Administrator.
I am trying to enforce MFA enrollment and MFA on our superadmin accounts in ADSelfService Plus. The superadmin accounts are a couple of user accounts synced from Active Directory. These user accounts are in their own OU in AD and do NOT have any other
Locked out of system
We've updated our main AD administrator account which was configured within SelfService for domain configuration. Problem is we are now unable to log in to the system to update the configuration with the new password (get Invalid domain configuration
[Important] ADSelfService Plus 6122 Security Fix Release
Hello everyone, This is to announce the release of ADSelfService Plus' latest build, 6122, with the following issues fix. Issue Fix: In product instances where post-action custom scripts are enabled, a security vulnerability (CVE-2022-28810) which could
How to configure password Sync in three domains multidirectional
Its possible to do a multiway password Sync with 3 domains? I configure password Sync agent in all dcs of the 3 domains, and create 6 Sync policíes A to B, A to C, B to A, B ti C, C to A and C to B. I do this config because a suport technician tell me
DUO MFA call via HTTP (Windows GINA client)
Hello ManageEngine, We are deploying the ManageEngine GINA v5.9 client via HTTPS and it works well however our environment blocks HTTP calls to the outside world. This comes into play during the GINA DUO MFA prompt. From the logon screen, after a user
Mobile App: customizing help page?
Hello everyone, I've been wondering if there is the possibility to customize the help page in the ManageEngine ADSelfServicePlus App, or is it a built-in page? Thanks David
Granular permissions for technicians
We have multiple technicians who help our customers and if can we add more Granular permissions to technician roles so that instead of giving them "ADMIN" access we can give them limited access to enroll/edit individual users or bulk edit/enroll users
Multiple push requests to ADSS App for VPN
I just finished setting up MFA for VPN on our network and we are in pilot mode. Everything seems to be working well, except when users are logging in their mobile phones are getting multiple requests to allow the login. Even after the first request was
Hide synchronization status
Hi, I want to know if there is way not to display the status of the synchronization ? We synchronize multiple directories, but in the Domino directory only 80% of the users have an account, and for the others the popup displays that the user cannot be
Post Action custom script questions
So I'm thinking that these scripts might help me out of a strange situations I'm in. However I can find little documentation on exactly how these scripts work. The example supplied example is: cscript test.vbs %userName% %password% But where is the default location for this script? Can I use absolute paths? I see the tokens %userName% and %password%, but what other tokens are available? Is the return value from the script used? Thanks Bob Where are these script co Run custom script to synchronize
Account unlock/Password reset trying under the identity of the user
Hi, We have recently setup a new policy that uses MFA. Until you try to unlock an account or reset a password, everything works fine. When you try either option, we are getting a native exceptions: adssp.error.native.no_unlock_priviledge::::: For the
Some Authentication Problem when logging in
Hello Everyone, hopefully you could help us resolved our concern below. When users logged in they encounter this issue. Any ideas/troubleshooting procedures will be a great help.
Next Page