Error: You need to enable self-service password reset/account unlock feature or ADSelfService Plus MFA.
Issue description
The error message "You need to enable self-service password reset/account unlock feature or ADSelfService Plus MFA" is displayed when an admin tries to import enrollment data from an external database.
Possible cause
- No self-service policy is currently configured with either the password reset or account unlock features or MFA enabled. ADSelfService Plus requires an active policy defining the use of these features to appropriately process and link the imported enrollment data.
Resolution
To resolve this issue, you need to configure a self-service policy that enables either the password reset, account unlock features, or MFA. You can achieve this by creating a new policy or modifying an existing one.
- Log in to the ADSelfService Plus admin portal.
- Navigate to Configuration > Self-Service > Policy Configuration.
Option 1: Create a new policy
This is suitable if you do not have an existing policy covering the intended users or features.
- Click Add New Policy.
- Enter a unique policy name.
- Select the Reset Password and/or Unlock Account checkboxes.
- Click Select OUs/Groups.
- Include the OUs and groups that contain the users for whom you intend to import the enrollment data.
- Click Save Policy.
- To enable MFA, navigate to the Multi-factor Authentication tab. Configure and enable the desired MFA methods (e.g., Google Authenticator, SMS authentication, etc.) as per your requirements.
Note: You only need to enable one of these features (either Password Reset/Account Unlock or MFA) to import enrollment data. You can enable other self-service features if required.
Option 2: Modify an existing policy
This is suitable if you have an existing policy that you wish to update to include the necessary features.
- Locate the existing policy you wish to modify in the Available Policies list.
- Click the Edit icon next to that policy.
- Ensure the policy has Reset Password and/or Unlock Account enabled.
- Alternatively, navigate to the Multi-factor Authentication tab and configure MFA methods for this policy.
After successfully configuring or modifying the policy with the necessary features, retry importing the external database enrollment data.
How to reach support
New to ADSelfService Plus?
Related Articles
ADSelfService Plus self-service password reset configuration: Reset & Unlock tab
Reset & Unlock tab The Reset & Unlock tab consists of settings related to the self-password reset and account unlock features. Learn how to configure these settings to suit your requirements. Here are the settings under the Reset & Unlock tab: Unlock ...Self-service password reset and account unlock for Chromebook devices
The Chromebook is Google's low-cost alternative to traditional laptops. Unlike Windows, macOS, and Linux machines, a Chromebook runs on the Chrome OS. Users can login to their Chromebook using their AD domain credentials, if their device has been ...Self-service password reset for Windows 7, 8, and 10
We've all had to reset a forgotten password at some point in our lives. But have you ever wondered what goes on behind the scenes when you initiate a password reset? Have you considered the security risks that can arise due to poor password ...Zendesk password reset
Zendesk admins can enable users with the capability to reset their own, should they forget them. To reset their passwords, users have to: Open the Zendesk login page. Click Forgot your password in the login screen. Open the email sent by the Zendesk ...Verify users' identities using SAML-based identity providers during self-service password reset and account unlock
SAML authentication is one of the available methods among the extensive range of MFA options supported by ADSelfService Plus. Verification of a user's identity is done using SAML-based identity providers like OneLogin, Okta, or custom SAML-based ...