Adaptive MFA
Multi-factor authentication techniques in ADSelfService Plus
Let's take a look into the various authentication methods supported by ADSelfService Plus for enterprise multi-factor authentication (MFA). Why should you use MFA? Authentication based solely on usernames and passwords is no longer considered secure. ...
Verify users' identities using SAML-based identity providers during self-service password reset and account unlock
Among the extensive range of MFA options supported by ADSelfService Plus, SAML authentication is one of the available methods. Verification of user's identity is done using SAML-based identity providers like OneLogin or Okta. When SAML authentication ...
SMS and email verification codes
With mobile devices becoming almost like an additional limb for most of us, it makes sense to utilize them as a tool to prove our identity. SMS and email verification codes are sent to the registered mobile number or email address of users, and they ...
Remote Desktop Protocol password brute-force attacks
Work-from-home conditions have become increasingly prevalent since the pandemic. This shift in working arrangements has made remote desktop applications and VPNs essential tools for accessing enterprise resources within corporate networks. What is ...
How to set up multi-factor authentication (MFA) for macOS
When employees are forced to manage multiple passwords, they tend to reuse the same password across multiple applications or create simple, easy-to-remember passwords that are not strong enough. This makes them an easy target for attackers who use ...
Configuring MFA for ISE with RADIUS
This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Identity Services Engine (ISE) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for Cisco ISE, ...
How to set up multi-factor authentication for Linux logins
For its architecture and compatibility, Linux has always been a popular operating system among IT professionals who handle critical workloads in cloud computing environments. However, this widely used OS is also susceptible to data breaches and ...
Configuring MFA for FTD VPN using RADIUS
This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Firepower Threat Defense (FTD) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for Cisco FTD, ...
Configuring MFA for Cisco ASA SSL VPN using RADIUS
This guide provides steps for enabling multi-factor authentication (MFA) using RADIUS for Cisco's Adaptive Security Appliance (ASA) product using ManageEngine ADSelfService Plus' MFA for VPN feature. To enable RADIUS-based authentication for VPN ...
How to configure multi-factor authentication with RSA SecurID
Setting up RSA SecurID authentication You can set up RSA SecurID as an authenticator in ADSelfService Plus in two steps: Include the ADSelfService Plus server in the SecurID SECURITY CONSOLE as an authentication agent. Configure ADSelfService Plus ...
How to configure multi-factor authentication with Duo Security
ADSelfService Plus wards off potential security threats by fortifying access to user accounts with multi-factor authentication (MFA), by adding an extra layer of security. When MFA is enabled, users are required to prove their identity through the ...
How to fight password theft using the multi-factor authentication techniques available in ADSelfService Plus
Issue: One of the main intrusion techniques used by hackers is password theft. In fact, stolen credentials ranked among the top 5 data breach action types in 2022. Use case: Most organizations rely heavily on passwords to secure their network ...
How to enable multi-factor authentication for privileged users
How can multi-factor authentication secure privileged user accounts? While all user accounts must be authenticated before gaining access to enterprise resources, privileged user accounts are of the utmost priority because they pose the greatest risk ...
How do you enable conditional access in ADSelfService Plus?
ADSelfService Plus' Conditional Access feature helps organizations manage access to their IT environment without admin intervention. Access control decisions are automatically made based on users' IP address, device, time of access, and geolocation. ...
Configuring YubiKey authentication for Active Directory password resets and logins
YubiKey Authenticator is a hardware authentication device that is widely used as a multi-factor authentication (MFA) method. Authentication using this method involves plugging the YubiKey device into a user's machine or tapping it against the user's ...
Configuring TOTP authentication for Active Directory-based actions
Time-based one-time-password or TOTP is one of the most common methods used in multi-factor authentication (MFA). With this method, users are required to enter a passcode within a specific time from its generation. When users prove their identity in ...
Configuring RADIUS authentication for Active Directory-based actions
Traditional logins to resources on an organizational network involve only a username and password. However, if all the data breaches in recent years teach us anything, it is that they are not sufficient. Multi-factor authentication (MFA) has become ...
Configuring push notification for Active Directory-based actions
Push notification is a method of authentication which involves users receiving an alert on their mobile devices. When push notification is configured as a multi-factor authentication (MFA) method, users need to have a push notification app installed ...
Configuring QR code-based authentication for Active Directory-based actions
QR code-based authentication is a type of multi-factor authentication method that involves scanning a QR code with an app in order to verify one's identity. When authenticating into a service using MFA, users need to provide their account credentials ...
Configuring Microsoft Authenticator for Active Directory-based actions
Microsoft Authenticator is an authentication method developed by Google that uses a time-based one-time-passcode (TOTP) in order to verify users' identities. It is often used as one of the multi-factor authentication (MFA) methods along with others ...
Configuring Google Authenticator for Active Directory password resets and logins
Google Authenticator is an authentication method developed by Google that uses a time-based one-time-passcode (TOTP) in order to verify users' identities. It is often used as one of the multi-factor authentication (MFA) methods along with others in ...
Configuring fingerprint authentication for Active Directory password resets and logins
Fingerprint authentication is an identity verification method that is widely used in recent times. The fact that everyone has a unique fingerprint makes it one of the more secure methods of authentication. Fingerprint authentication is also simple ...
Configuring Duo Security for Active Directory password reset
Duo Security is an access security focused application that is primarily used for multi-factor authentication. One of the ways Duo Security can be used to verify users identities is using passcodes. Here, once the user has provided their username and ...
How to safeguard local and remote Windows logons via ADSelfService Plus' endpoint multi-factor authentication
With cyberattacks on the rise, having only passwords as a defense mechanism is no longer safe. An additional filter is required to restrict unauthorized users. ADSelfService Plus handles this situation by supporting multi-factor authentication (MFA) ...
How to enable smart card authentication in ADSelfService Plus?
ADSelfService Plus supports smart card authentication which enables users to access the self-service portal securely, without having to enter a password. If your organization already utilizes smart cards, PKI, or certificates as an authentication ...
Enable biometric, QR code, push notification, and TOTP based verification for self-service password reset
Solution ADSelfService Plus supports multi-factor authentication (MFA) to verify and secure the identity and access of users. The ADSelfService Plus mobile app verifies the identities of users through the following authentication methods: Fingerprint ...
Configuring Salesforce Authenticator for identity verification
ADSelfService Plus supports custom time-based one-time password (TOTP) authenticators for MFA. Below are the steps to set up Salesforce Authenticator as one of the MFA methods for identity verification. Navigate to Configuration > Self-Service > ...
Updating the ADSelfService Plus Login Agent for macOS
The ADSelfService Plus login agent for macOS can be updated from the ADSelfService Plus admin portal, manually through the Terminal on the machine running macOS, or via tools like Endpoint Central. Updating the login agent through the ADSelfService ...
Common VPN and RADIUS-based endpoints and the ADSelfService Plus authenticators they support
ADSelfService Plus supports the following types of authenticators for VPN MFA: One-way authenticators Push Notification Authentication Fingerprint/Face ID Authentication These authenticators are automatically applicable for all the endpoints ...
Creating IP-Based Rules to Bypass MFA for Specific Client Locations in ADSelfService Plus
To configure a rule that allows clients from a specified area (based on IP) to bypass Multi-Factor Authentication (MFA), follow these guidelines for setting up Adaptive MFA using Conditional Access. Note: The policy names used in this article are for ...
How to enable offline MFA in ADSelfService Plus
ManageEngine ADSelfService Plus supports offline multi-factor authentication (MFA) for Windows machine logins, User Account Control (UAC) prompt elevation, and Remote Desktop Protocol (RDP) server authentication when the product server is ...
How to enable MFA for web applications
How to enable MFA for web applications This article describes the steps to integrate and enable MFA for web application powered by either SAML Version 2 or OAuth/OIDC, using ADSelfService Plus. Step 1: Enable SSO to the web application through ...
How to enable multi-factor authentication for RDP
Generally, remote employees use Microsoft Remote Desktop Protocol (RDP) to connect to their work devices from an external network, using only a password to authenticate their devices. This makes RDP-based access highly vulnerable to password-based ...
How to enable Zoho OneAuth TOTP for MFA?
In enterprise networks, user identity verification is no longer carried out simply through usernames and passwords. This is because without additional authentication layers, i.e., multi-factor authentication, enterprise networks and resources become ...
Updating the ADSelfService Plus Login Agent in Windows
The ADSelfService Plus login agent can be installed on machines running Windows manually, through the ADSelfService Plus admin portal, via GPOs, SCCM, and tools like Endpoint Central. You can update the Windows login agent to its latest version in ...