Hello Everyone,

ADSelfService Plus' latest build, 6513, has been released with the following updates:

Enhancements  

1. Support for Smart Card Authentication using USB devices like YubiKeys and PIV cards has now been extended beyond the ADSelfService Plus portal to include logins to VPNs, Outlook Web Access, and Windows machines.
   

2. MFA for VPNs can be configured with any authenticator offered by ADSelfService Plus, including FIDO Passkeys, Smart Card Authentication, and other MFA methods not natively supported by the VPN client, by clicking a secure browser-based link.   Learn more
   

3. The Account Blocking feature has been enhanced to secure Active Directory accounts by extending its coverage to both portal logins and enterprise applications, providing comprehensive protection against unauthorized access.
   

4. The Account Blocking feature has been enhanced to allow admins to control or automate the unblocking of accounts blocked due to failed authentication attempts.
   

5. Separate authenticators can now be configured for self-service password resets and account unlocks.
   

6. Granular MFA enforcement on protected Windows resources can now be applied to specific sets of users via policies. Learn more
   

7. ADSelfService Plus now supports auto-launching SSO applications upon user logins, streamlining access to apps and eliminating the need for extra clicks.
   

8. SAML attribute assertions can now be passed for multi-valued attributes, enabling applications to support complex user attributes more efficiently.
   

9. Bookmark applications for SSO : ADSelfService Plus' now offers a Bookmark feature, which provides a convenient way to integrate external applications which do not support protocols like SAML, OAuth, or OIDC, into the user portal.Learn more
   

10. Admins can now choose to perform report generation, license management, and login agent installation exclusively on parent OUs, without affecting the child OUs.
    

11. An option to skip MFA during OWA logins if the user has not enrolled for the required authenticators has been added.
    

12. Admins can now limit the number of secondary email addresses and phone numbers a user can add to their profile.
    

13. A username format will now need to be configured to use the TOTP-based authenticators offered for MFA.
    

14. Using the Password Policy Enforcer, you can now force your users to set strong passwords that match custom regex patterns. Learn more
    

15. The Notification Delivery Report and Password/Account Expiry Notifications Delivery Report now include additional columns with information about the recipient's (admin or manager) email address.
    

  Issue Fixes  

1. To improve security and prevent unauthorized access to resources protected with TOTP-based authenticators, TOTPs which have been used to verify the user's identity once cannot be reused even if the TOTP lifetime is still valid.
   

2. An issue that prevented user enrollment data for FIDO Passkeys from appearing in the MFA Enrollment Audit Report has been resolved. This issue occurred following modifications to the Access URL.
   

How do I update to this build?

Update using the service pack .

New to ADSelfService Plus?

Download the free, fully-functional 30-day trial now.

Have any questions or suggestions? Let us know in the comments section.

Regards,