Enrollment is the only task that has to be completed before users can start enjoying the benefits of ADSelfService Plus password self-service. But many a time, administrators might have to constantly shoot out reminders urging users to enroll. Or much worse, they could be pushed to the extent of taking it head-on by enrolling all their users themselves, one at a time!
The glad news is that we’ve got just what is needed to wade through all this trouble. ADSelfService Plus allows administrators the convenience of performing bulk enrollment of their hitherto unenrolled users so that they can avail password self-service.
Today, we will look at the ways to bulk enroll Duo Security-enabled users for password self-service. Duo Security is a trusted access platform that organizations employ to verify user identities, ensuring secure access.
Administrators can choose between two options to perform bulk enrollment. They are:
- Import enrollment data from CSV file
- Import enrollment data from external database
Method 1: Bulk enrollment by importing Duo Security users from CSV file
To enroll for Duo Security, please ensure that the users first download the Duo Security authenticator app and enroll with Duo. Admins can then bulk-enroll the users into ADSelfService Plus.
Step 1: Create a unique 16-digit alphanumeric key for each user who is to be enrolled. This will be their secret key in the CSV file.
Step 2: Import the CSV by following these steps to enroll the users into ADSelfService Plus.
Step 3: The admin can send users their respective secret keys via email or other secure ways. Keys will be used while configuring the TOTP authenticator app on users' phones.
Note: Where applicable, users must ensure that they select third-party account while configuring their accounts on the authenticator apps.
The data imported in the CSV file should contain sAMAccountName as the header name and with the users' valid sAMAccountName values as in AD.
Steps for configuring auto-enrollment via a CSV file
- Log in to the ADSelfService Plus web console as an admin.
- Navigate to Configuration > Administrative Tools > Quick Enrollment, and click Import Enrollment Data from CSV File.
- Select a policy from the Select Policy drop-down.
Note: You can configure OU and group-based policies by going to Configuration > Self-Service > Policy Configuration. Using policies, you can enable forced enrollment for a specific group of users.
- Select the enrollment data you want to import from the Import drop-down. Please note that each authentication method requires different kinds of enrollment data.
- Select the security question if question is not selected as Import type.
- Click Choose File, and select the CSV file containing the enrollment data.
- Select the encoding standard supported by the CSV file from the File Encoding drop-down.
- Check the Overwrite enrollment data if enrolled already box if you want to overwrite users’ enrollment data.
- Click Enroll.
Tip: ADSelfService Plus also allows you to set up a scheduler for importing enrollment data from a CSV file at regular intervals so new users get enrolled automatically.