[Tips and Tricks] – How to synchronize passwords between two Active Directory domains?
One of the most common issues in dealing with multiple Active Directory domains is handling different sets of passwords. Be it for domain migrations or maintaining separate domains for desktop login and Exchange mail box access, users have to handle different passwords for each domain. This would complicate user password management and result in an increase in the number of password-related tickets, eventually affecting overall productivity. This article will show how you can synchronize passwords
[Tips & Tricks] How to enable two-factor authentication for Windows logons using ADSelfService Plus?
With cyber-attacks on the rise, only having passwords as a defense mechanism is no longer safe. An additional filter is required to weed out unauthorized users. ADSelfService Plus handles the above issue by supporting two-factor authentication (TFA) to all Windows local and remote login attempts. Once this feature is enabled, users will be required to input their Active Directory domain credentials, and additionally get authenticated via the selected TFA method configured in ADSelfService Plus.
Radius MFA
Has anybody had issues connecting ADSelfService Plus to OpenRadius? I am asking as OpenRadius has a LinOTP connector which would then connect to a Feitian OTP c200 hardware token. In theory when a user logs on AD SelfService Plus will request an MFA challenge,
Breaking Active Directory passwords with brute-force
With the exponential rise in the number of enterprise applications, users tend to fall into the habit of using weak passwords to secure their accounts. Hackers use this to their advantage by targeting user accounts with sophisticated credential-based attacks like brute force. After all, hackers only need one set of valid credentials to gain access to the organization’s network and cause havoc. Wouldn't it be great if you could protect your business from cyberattacks by ensuring that users create
Do you use PowerShell scripts to notify users of password expiration via email?
Most IT admins use PowerShell scripts to send password expiration notifications to users' email addresses configured in Active Directory. However, if admins want to send or schedule multiple email notifications, PowerShell scripts might be of little help. ADSelfService Plus' Password Expiration Notifier, on the other hand, enables IT admins to set up a scheduler to send phased SMS and email alerts to users from an easy-to-use interface. It can also send email alerts for soon-to-expire accounts as
[Tips & Tricks] Blacklist passwords using ADSelfService Plus
With the rise in the number of enterprise applications, it can be relatively easy for users to fall into the habit of using passwords like ‘Password@123’. This password complies with several password hardening measures and satisfies the Windows Active Directory password complexity requirements as well. However, it can be easily cracked by means of a dictionary attack. ADSelfService Plus secures passwords from sophisticated password attacks by disallowing users from using commonly used passwords, patterns,
[Tips & Tricks] How to enable SAML-based SSO for ADSelfService Plus using OneLogin?
Last week we saw how ADSelfService Plus facilitated SSO for its web console through Okta. This week let’s learn how to set up one click access to ADSelfService Plus’ console through OneLogin. If SSO is enabled, whenever a user attempts to log on to ADSelfService Plus’ web console, OneLogin will authenticate the request and grant access to the ADSelfService Plus portal. When a user is already logged in to OneLogin and tries to access ADSelfService Plus, the user will be granted access automatically.
[Tips & Tricks] How to enable SAML-based SSO for ADSelfService Plus using Okta?
If your organization uses SAML-based identity provider (IdP) applications such as Okta, you can enable one click access (SSO) to ADSelfService Plus' web console. Once SSO is enabled, whenever a user attempts to log on to ADSelfService Plus’ web console, Okta will authenticate the request and grant access to the ADSelfService Plus portal. If a user is already logged in to Okta and tries to access ADSelfService Plus, the user will be granted access automatically. Prerequisite If you do not find ADSelfService
[Tips & Tricks] Updating cached credentials by configuring custom VPN providers in ADSelfService Plus.
ADSelfService Plus can automatically update the locally cached credentials in remote users’ machines as and when they reset their passwords. To update cached credentials, ADSelfService Plus requires the Windows logon agent, bundled with the product, and a command line VPN client to be installed in the users' machines. It supports these VPN clients: Fortinet, Cisco IPSec, Cisco AnyConnect, Windows Native VPN, SonicWall NetExtender, Checkpoint EndPoint Connect, and SonicWall Global VPN. You can also
[Tips & Tricks] Configuring high availability in ADSelfService Plus
ADSelfService Plus utilises automated failover to support high availability in case of system and product failures. Essentially, this means that when the ADSelfService Plus service fails on one machine, another instance of ADSelfService Plus running on another machine automatically takes over. Before configuring high availability in ADSelfService Plus, make sure that the following conditions are satisfied. Condition 1: Download and install ADSelfService Plus on two separate machines. If you already
[Tips & Tricks] How to prevent concurrent logins for a user in ADSelfService Plus
Concurrent logins can lead to the use of valid credentials by illegitimate personnel at the same time as the legitimate user to authenticate to the network. This could lead to multiple security issues within the organization like misuse of the user's personal information or resources to perform unauthorized actions. This can also result in the user being wrongly held accountable for the harmful actions of another user with malicious intent. In ADSelfService Plus, when a user is logged in from multiple clients,
[Free White Paper] Common password attack methods and how not to become a victim
The Verizon Data Breach Investigations Report (2018) revealed that over 43,000 successful accesses via stolen credentials were recorded in 2017. Hackers are incessantly looking for vulnerabilities in any form to intrude into your network. Even if one account in your network is compromised, there's a high chance of sensitive data leakage. How do you prevent this? How do you secure your privileged user accounts and passwords? Read our expert's guide "Shifting landscape of passwords and how to keep up with
[Tips & Tricks] How to synchronize Active Directory passwords with ServiceNow using ADSelfService Plus
ServiceNow provides cloud-based IT Service Management (ITSM) software that comes bundled with user self-service options to meet the various needs of enterprises. With the help of ADSelfService Plus's real-time password synchronizer, users can now log in to their ServiceNow accounts with their Active Directory passwords. This will enable users to use the same set of credentials across both the platforms, thereby eliminating the need to remember multiple passwords. Prerequisites: You will need a
[Tips & Tricks] Verify users' identities using SAML-based identity providers during self-service password reset and account unlock
In the long list of multi-factor authentication options that ADSelfService Plus supports, the latest addition is SAML Authentication. Verification of user's identity is done using SAML-based identity providers like OneLogin or Okta. When SAML Authentication is enabled in ADSelfService Plus, users are routed to their identity provider login URL for authentication, during password self-service operations. After successful authentication in the identity provider, users are redirected back to the ADSelfService
[Tips & Tricks] How to synchronize the passwords of Oracle Database accounts with Active Directory using ADSelfService Plus?
Two weeks ago, we saw how ADSelfService Plus facilitated password synchronization between Zendesk and Active Directory. This week, let’s learn how to integrate Oracle Database with Active Directory for password synchronization using ADSelfService Plus. With ADSelfService Plus’ Real-time Password Synchronizer, update the password of users' Oracle Database account when their AD password is changed or reset. Thus the solution helps to reduce password related issues by ensuring that users have only
[Tips and Tricks] - How to bulk enroll Duo Security-enabled users for password self-service?
Enrollment is the only task that has to be completed before users can start enjoying the benefits of ADSelfService Plus password self-service. But many a time, administrators might have to constantly shoot out reminders urging users to enroll. Or much worse, they could be pushed to the extent of taking it head-on by enrolling all their users themselves, one at a time! The glad news is that we’ve got just what is needed to wade through all this trouble. ADSelfService Plus allows administrators the
[Tips & Tricks] How to clone existing policies in ADSelfService Plus?
ADSelfService Plus’ clone existing policy feature is a huge time saver. Consider a scenario in which you have to create different policies, with only minor or few differences, for different departments or sets of users. Instead of creating policies from scratch every time, you can just copy an existing policy, make the desired changes and save it. This article explains how to clone an existing policy, customize it and assign it to the required OU(s) or Group(s) or domain in ADSelfService Plus.
[Tips & Tricks] How to integrate Zendesk with Active Directory (AD) for password synchronization using ADSelfService Plus?
Last week, we saw how ADSelfService Plus facilitated password synchronization between IBM servers and Active Directory. This week, let’s learn how to integrate Zendesk with Active Directory for password synchronization using ADSelfService Plus. ADSelfService Plus’ Real-time Password Synchronizer helps ensure users have only one password between different applications to reduce password related issues. This means, every time a user resets or changes his/her AD password, the new password will automatically
[Tips & Tricks] How to integrate IBM iSeries/AS400 with Active Directory for password synchronization using ADSelfService Plus?
ADSelfService Plus' Real-time Password Synchronizer assists administrators by ensuring that the password changes made natively in the Windows interface are synchronized with the IBM servers. Password Sync Agent accomplishes real-time synchronization in seconds, which means when users change or reset their Active Directory password, the new password will automatically be synced with the IBM servers. Note that the linking of AD accounts with the IBM servers can be done based on any AD attribute.
[Tips & Tricks] How to enable force enrollment of users based on their OU(s) and group(s) using login script with ADSelfService Plus?
The Force Enrollment using Login Script feature of ADSelfService Plus allows users to forcefully enroll the un-enrolled users within the selected policies or domains with a login script. You can schedule the execution of a login script to enable force enrollment. Only after the enrollment they can access other resources in their machine. This feature also provides you with the ability to decide whether users of the entire domain or that of a selected organisational unit(s) and group(s) would be forced
[Tips & Tricks] Bulk disenrollment of users in ADSelfService Plus
ADSelfService Plus offers administrators the convenience of performing bulk disenrollment of users. This feature allows them to manage user’s licenses effectively and also not be pushed to the extent of disenrolling users one at a time. Administrators can choose between the following two options to perform bulk disenrollment. Select multiple users from Enrollment Reports. Import users from a CSV file. Method 1: Select multiple users from Enrollment Reports. Log into ADSelfService Plus as an
[Tips & Tricks] How to enable smart card authentication in ADSelfService Plus?
How about a hassle-free, passwordless, yet secure login to ADSelfService Plus? ADSelfService Plus supports smart card authentication which enables users to access the self-service portal securely, without having to enter a password. If your organisation already utilises smart cards/PKI/certificates as an authentication system, the sensible choice would be for you to use the smart card authentication option in ADSelfService Plus to verify users' identities. This option enables ADSelfService Plus
[Tips and Tricks] How to integrate ServiceDesk Plus with ADSelfService Plus?
By integrating ServiceDesk Plus and ADSelfService Plus, you get to: 1. Automate ticket creation in ServiceDesk Plus for every self-service operation performed by end users using ADSelfService Plus. This empowers help desk technicians to keep track of users' self-service actions, and follow up on them, if needed. 2. Provide single sign on to ServiceDesk Plus through ADSelfService Plus. This one-click access offers enhanced user experience, as the users do not have to log in multiple times
[Tips and Tricks] – How to customize the ADSelfService Plus mobile app?
With the ADSelfService Plus mobile app, end users no longer have to be tied to the desk to manage their Active Directory domain password. They can reset their password, unlock their account, and change their password from anywhere and at any time without help desk intervention. ADSelfService Plus also provides powerful customization features that help you to: Customize the entire home screen of the app including the button texts, the order in which they appear, and the logo. Control which self-service
[Tips and Tricks] - How to integrate ADSelfService Plus with your SIEM system in real time?
ADSelfService Plus can be integrated with syslog servers and SIEM (security information and event management) solutions that support syslog format such as Splunk and EventLog Analyzer, so that you can forward audit logs in real time and gain valuable insights on your users’ activities. This article will guide you to integrate ADSelfService Plus with SIEM solutions. Integrating ADSelfService Plus with Splunk Steps involved: The first step of the integration process is to generate an HTTP event collector
[Tips and Tricks] - How to send notifications to secondary email address of users?
ADSelfService Plus notifies end users via email about an impending password or account expiration, successful password self-service actions, and more. By default, this notification is sent to the user's primary email address that is tied to Active Directory. To reduce the chance of users missing these notifications if they are not able to access their accounts (because of locked out accounts or forgotten passwords), ADSelfService Plus allows you to send these notifications to users' alternate email
[Tips and Tricks] - How to enable biometric, QR code, push notification, and TOTP based verification for self-service password reset?
ADSelfService Plus supports multi-factor authentication (MFA) to verify and secure the identity and access of users. The latest in the league is the mobile app authenticator that can verify identities of users who wish to perform self-service password reset. Deploying a custom blend of these authentication methods proves effective in keeping attackers at bay. And with administrators holding the power to determine how end users can authenticate themselves, there is uniformity across the organization’s