Enable biometric, QR code, push notification, and TOTP based verification for self-service password reset

Solution

ADSelfService Plus supports multi-factor authentication (MFA) to verify and secure the identity and access of users. The ADSelfService Plus mobile app verifies the identities of users through the following authentication methods:
  • Fingerprint authentication
  • QR code-based authentication
  • Push notification authentication
  • Time-based one-time passcode (TOTP) authentication

Deploying a custom blend of these authentication methods is effective in keeping attackers at bay. Because administrators determine how end users can authenticate themselves, the process can also be controlled and monitored.

This article will help you enable the required identity verification techniques for verifying user identities via the ADSelfService Plus mobile app.

Steps involved:

  • Log in to ADSelfService Plus as an administrator.
  • Navigate to Configuration → Multi-factor Authentication → Authenticators Setup.
  • Select the appropriate policy from the drop-down list.
    Note: To create or edit a policy, navigate to the Configuration tab → Self-Service → Policy Configuration. You can either create a new self-service policy by clicking the +Add New Policy button, or edit the existing default policy.
  • Click the Push Notification Authentication section if you wish to enable this feature. From the panel that opens, click the Enable Push Notification Authentication button.
  • Follow the same procedure with Fingerprint Authentication, QR Code Based Authentication, and TOTP Authentication if you wish to enable those features.

  • Click Save.
    Note: Once you have enabled these features, you need to associate them with any of the following operations:
    1. Password reset/account unlock
    2. ADSelfService Plus login
    3. Endpoint two-factor authentication (2FA).
  • Navigate to Configuration → Multi-factor Authentication → MFA/TFA Settings, and select the operations you want to enable the authenticators for.

You are all set to verify the identities of your users via the ADSelfService Plus mobile app!
