In this week’s did you know series, we will look in to the various multi-factor authentication techniques available in ADSelfService Plus.
Even a simple action such as a self-service password reset has the potential to expose your Active Directory to hackers. To mitigate such security risks, ADSelfService Plus verifies users’ identities using two or more factors of authentication as opposed to a single-factor of authentication .
Security Questions & Answers – A pre-defined set of challenge questions such as “What are the last five digits of your social security number?” You can configure these questions to be either administrator defined or user defined. Furthermore, you can configure the minimum and maximum number of characters that should be present in the question s and answer s.
SMS-based Verification Code – A one-time passcode is sent to the users’ mobile number. You can either choose the mobile number from the users' Active Directory profiles or let the users specify their own mobile numbers.
Email-based Verification Code - A one-time passcode is sent to the users’ email ID . You can either choose the email ID from the users' Active Directory profiles or let the users specify their own email IDs.
Google Authenticator – The Google Authenticator app generates a timed code which the users should enter to authenticate themselves. Users have to install the Google Authenticator app and configure it with ADSelfService Plus using the bar code given in the self-service portal under the enrollment tab.
You can choose just one authentication technique or a combination of techniques to verify users’ identities during the password reset and account unlock process . Click here for configuration steps.