Updating cached credentials in ADSelfService Plus through a custom VPN
ADSelfService Plus can automatically update the locally cached credentials on remote user machines as and when users reset their passwords.
To update cached credentials, ADSelfService Plus requires the Windows login agent bundled with the product and a command line VPN client to be installed on users' machines. ADSelfService Plus supports these VPN clients: Fortinet, Cisco IPsec, Cisco AnyConnect, Windows native VPN, SonicWall NetExtender, Check Point Endpoint Connect, and SonicWall Global VPN. You can also configure custom VPN clients to update the cached credentials.
This article will give you step-by-step instructions to configure a custom VPN client with ADSelfService Plus for updating cached credentials.
Updating cached credentials through a VPN client
Configuring cached credential update through a VPN
Prerequisites
Install a VPN client with CLI support and LocalSystem account privileges on users' machines.
Configuration steps
Log in to ADSelfService Plus with administrator credentials.
Navigate to Configuration > Administrative Tools > GINA/Mac/Linux (Ctrl+Alt+Del).
Enable Cached Credential Update and select Update cached credentials through a VPN client.
Choose Custom VPN from the drop-down and specify the Hostname/IP and Port number.
Enter the VPN Client Path on the users' machines. Example: C:\Program Files (x86)\Fortinet\FortiClient.
Use macros in the VPN connect/disconnect command fields.
Supported macro(s): %user_name%, %password%, %servername% and %portno%
Sample connection command: -t vpn.selfservice.com -u john -i allow -U -P autologin -m other connect
Optionally, configure VPN access via a Service Account.
Click Save.
Note: The VPN configurations will be reflected on the users’ machines either during fresh GINA/CP client installations or on existing installations when the GINA/Mac/Linux customization scheduler runs.
To learn more about configuring cached credential updates, see this guide.
To find out how to configure cached credential updates without a VPN, see this forum post.
Like this tip? Get the most out of ADSelfService Plus by checking out more tips and tricks from our knowledge base.New to ADSelfService Plus?
Related Articles
Updating cached credentials by configuring custom VPN providers in ADSelfService Plus
ADSelfService Plus can automatically update the locally cached credentials in remote users’ machines as and when they reset their passwords. To update cached credentials, ADSelfService Plus requires the Windows logon agent, bundled with the product, ...How to configure and troubleshoot the cached credentials update feature
ManageEngine ADSelfService Plus' cached credentials update feature helps remote users reset their domain password from their login screens using the self-service password reset feature, and regain access to their Windows machines from outside the ...How to update cached credentials for remote users with ADSelfService Plus
Remote users' password challenges Remote employees may often work in a different time zone than the IT team. In such a situation, if a remote employee forgets their password, they could be stranded for hours, unable to log in to their machine for an ...How to configure custom SMS provider in ADSelfService Plus?
ADSelfService Plus lets you use any one of the following methods to send an SMS: GSM modem Clickatell (built-in support) Custom SMS gateway Configuring custom SMS gateway You can configure a custom SMS gateway to send notifications and verification ...How to migrate the ADSelfService Plus installation from one machine to another
Description This article will guide you through the process for migrating the ADSelfService Plus installation from one machine to another. Important: Before you start the migration process, please update your ADSelfService Plus installation to the ...