In this week’s did you know series, we will look in to the various multi-factor authentication techniques available in ADSelfService Plus.

Why Multi -factor Authentication?

Even a simple  action such as a  self-service password reset has the potential to  expose your Active Directory to hackers. To mitigate such security risks, ADSelfService Plus verifies users’ identities  using two or more factors of authentication as opposed to a single-factor of authentication .

Various Authentication Techniques Available in ADSelfService Plus

• Security Questions & Answers  – A pre-defined set of challenge questions such as “What are the last five digits of your social security number?”  You can configure these questions to be either administrator defined or user defined.  Furthermore, you can configure the minimum and maximum number of characters that  should be present in the  question s  and answer s.

• SMS-based Verification Code  – A one-time passcode is sent to the users’ mobile number. You can either choose the mobile number from the users' Active Directory profiles or let the users specify their own mobile numbers.

• Email-based Verification Code  -  A one-time passcode is sent to the users’  email ID .  You can either choose the email ID from the users' Active Directory profiles or let the users specify their own  email IDs.

• Google Authenticator   – The Google Authenticator app generates a timed code which the users should enter to authenticate themselves. Users have to install the Google Authenticator app and configure it with ADSelfService Plus using the bar code given in the self-service portal under the enrollment tab.

How to Configure Multi-factor Authentication

You can choose just one authentication technique or  a combination of techniques  to verify users’ identities  during the password reset and account unlock process .   Click here  for configuration steps.