ADSelfService Plus can automatically update the locally cached credentials on remote user machines as and when users reset their passwords.
To update cached credentials, ADSelfService Plus requires the Windows login agent bundled with the product and a command line VPN client to be installed on users' machines. ADSelfService Plus supports these VPN clients: Fortinet, Cisco IPsec, Cisco AnyConnect, Windows native VPN, SonicWall NetExtender, Check Point Endpoint Connect, and SonicWall Global VPN. You can also configure custom VPN clients to update the cached credentials.
This article will give you step-by-step instructions to configure a custom VPN client with ADSelfService Plus for updating cached credentials.
Install a VPN client with CLI support and LocalSystem account privileges on users' machines.
Log in to ADSelfService Plus with administrator credentials.
Navigate to Configuration > Administrative Tools > GINA/Mac/Linux (Ctrl+Alt+Del).
Enable Cached Credential Update and select Update cached credentials through a VPN client.
Choose Custom VPN from the drop-down and specify the Hostname/IP and Port number.
Enter the VPN Client Path on the users' machines. Example: C:\Program Files (x86)\Fortinet\FortiClient.
Use macros in the VPN connect/disconnect command fields.
Supported macro(s): %user_name%, %password%, %servername% and %portno%
Sample connection command: -t vpn.selfservice.com -u john -i allow -U -P autologin -m other connect
Optionally, configure VPN access via a Service Account.
Click Save.
Note: The VPN configurations will be reflected on the users’ machines either during fresh GINA/CP client installations or on existing installations when the GINA/Mac/Linux customization scheduler runs.
To learn more about configuring cached credential updates, see this guide.
To find out how to configure cached credential updates without a VPN, see this forum post.
Like this tip? Get the most out of ADSelfService Plus by checking out more tips and tricks from our knowledge base.