Whitelisting the DUO credential provider for proper functioning of the ADSelfService Plus' self-service password reset feature
If you are using Duo Security's credential provider for MFA during machine logins, and want to use ADSelfService Plus' self-service password reset and account unlock feature from login screens, merely configuring the self-service password feature and installing the ADSelfService Plus Windows login agent on end-user machines can cause issues in the feature's functionality. Whitelisting the ADSelfService Plus Windows login agent resolves this issue.
This article helps you to add a whitelist entry for ADSelfService Plus' Windows login agent for the end-user machines with Duo Security credential provider installed which will enable both the Duo Security credential provider and the ADSelfService Plus Windows login agent to work seamlessly.
Solution steps:
Step 1: Whitelist the ADSelfService Plus login agent under Duo Security credential provider
Step 2: Wrap the Duo Security credential provider to the ADSelfService Plus Windows login agent as given below,
- In the end-user machine, open the Windows Run dialog box. Type in Regedit and click OK.
- The Registry Editor will open.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv.
- Right-click, click New, and select Multi-String Value. Name it ProvidersWhiteList.
- Double-click ProvidersWhiteList, and in the Edit String pop-up enter ADSelfService Plus' GUID {B80B099C-62EA-43cd-9540-3DD26AF3B2B0} as the Value data. Click OK.
- Next go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ZOHO CORP\ADSelfService Plus Client Software.
- Right-click, click New, and select Multi-String Value. Name it WrappingProvider.
- Double-click WrappingProvider, and in the Edit String pop-up enter Duo Security's GUID {44E2ED41-48C7-4712-A3C3-250C5E6D5D84} as the Value data. Click OK.
New to ADSelfService Plus?
Related Articles
Configuring Duo Security for Active Directory password reset
Duo Security is an access security focused application that is primarily used for multi-factor authentication. One of the ways Duo Security can be used to verify users identities is using passcodes. Here, once the user has provided their username and ...Configuring the ADSelfService Plus login agent for machine MFA and password self-service in Linux
Securing data and resources on the corporate network is of paramount importance to organizations. In a world where most corporate attacks originate at an endpoint, ADSelfService Plus offers 20 MFA factors to protect endpoints by allowing access only ...Forgot your Mac password? Reset it from the login screen with ADSelfService Plus
f users can't remember their macOS login password, they won't be able to log in to their Active Directory (AD) account either, which negatively affects their productivity. To reset Mac passwords, users can use any of the methods supported by ...How to reset passwords in Linux OS with ADSelfService Plus
IT admins are equipped to deal with much more than simple password reset calls from frustrated employees. However, when there's a huge spike in calls to unlock user accounts or reset passwords, the admin productivity is hindered and they're forced to ...How to reset forgotten Windows passwords from the login screen using ADSelfService Plus
Empowering users with a Windows password reset tool According to recent research, organizations are spending close to one million dollars annually on resolving password-related tickets. This isn’t that surprising, as the Microsoft-approved methods to ...