Error: Your account is not enrolled for multi-factor authentication. Please enroll to avail the service
Issue description
Users may encounter the error message "Your account is not enrolled for multi-factor authentication. Please enroll to avail the service" when trying to log in to ADSelfService Plus.
Possible cause
- MFA is enabled for ADSelfService Plus login, but the user has not enrolled in any MFA method.
Prerequisite
- Administrative access to the ADSelfService Plus portal.
Resolution
Step 1: Configure forced MFA enrollment
The ADSelfService Plus administrator should:
- Log in to the ADSelfService Plus console.
- Navigate to Configuration > Self-Service > Multi factor Authentication > Advanced > Applications MFA.
- Enable the Force enrollment for not enrolled users after successful password verification setting.
- Click Save to apply the changes.
Step 2: Instruct user to complete MFA enrollment
Once forced enrollment is enabled:
- Ask the user to log in to the ADSelfService Plus portal using their AD credentials.
- After successful password verification, the user will be prompted to enroll for MFA.
- The user should follow the on-screen steps to configure the required authentication methods.
- After completing enrollment, the user will be able to log in successfully using MFA.
How to reach support
If the issue persists, contact our support team here.
New to ADSelfService Plus?
Related Articles
Multi-factor authentication techniques in ADSelfService Plus
Let's take a look into the various authentication methods supported by ADSelfService Plus for enterprise multi-factor authentication (MFA). Why should you use MFA? Authentication based solely on usernames and passwords is no longer considered secure. ...How to configure multi-factor authentication with RSA SecurID
Setting up RSA SecurID authentication You can set up RSA SecurID as an authenticator in ADSelfService Plus in two steps: Include the ADSelfService Plus server in the SecurID SECURITY CONSOLE as an authentication agent. Configure ADSelfService Plus ...Verify users' identities using SAML-based identity providers during self-service password reset and account unlock
SAML authentication is one of the available methods among the extensive range of MFA options supported by ADSelfService Plus. Verification of a user's identity is done using SAML-based identity providers like OneLogin, Okta, or custom SAML-based ...How to configure multi-factor authentication with Duo Security
ADSelfService Plus wards off potential security threats by fortifying access to user accounts with multi-factor authentication (MFA), by adding an extra layer of security. When MFA is enabled, users are required to prove their identity through the ...How to enable multi-factor authentication for privileged users
How can multi-factor authentication secure privileged user accounts? While all user accounts must be authenticated before gaining access to enterprise resources, privileged user accounts are of the utmost priority because they pose the greatest risk ...