Password security today

The world has quickly adopted the hybrid working model and moved to cloud-based services. This is great for establishing a flexible work environment. However, this also brings a host of password management hurdles, and password security loopholes that are being exploited by threat actors because many people use weak and compromised passwords. Since passwords are the first line of defense against threat actors, an organization's security is only as strong as its weakest password. It is imperative for an organization to take its password security seriously.

The need for better password management solutions

Native password management tools are not capable of handling the demands of today's world. We now need more granular control, easier access to our services, and security hardening on a case-by-case basis. This is why organizations rely on password management and security solutions to oversee their passwords. These solutions help organizations not only harden their password security measures, but also allow for easy password management with functionalities such as remote password self-service and single sign-on (SSO) for applications. These functionalities help an organization build a strong and hassle-free password framework.

 What is ADSelfService Plus?

ManageEngine ADSelfService Plus is an integrated self-service password management and SSO for on-premises and cloud applications. It bolsters an organization's password framework with self-service password reset (SSPR) and account unlock, endpoint and VPN multi-factor authentication (MFA), SSO to enterprise applications, Active Directory (AD)-based multi-platform password synchronization, password expiration notification, and password policy enforcer.

adssp Dashboard
adssp Dashboard              

Gartner recommended critical IAM capabilities in ADSelfService Plus

Native password management tools are not capable of handling the demands of today's world. We now need more granular control, easier access to our services, and security hardening on a case-by-case basis. This is why organizations rely on password management and security solutions to oversee their passwords. These solutions help organizations not only harden their password security measures, but also allow for easy password management with functionalities such as remote password self-service and single sign-on (SSO) for applications. These functionalities help an organization build a strong and hassle-free password framework.

  User authentication methods

Avoid impersonation attacks using biometrics and other advanced authentication methods. Step up your security by implementing MFA to access endpoints and applications.

  Adaptive authentication

Enforce risk-based adaptive authentication using factors such as user location, IP address, time of previous logon, and device footprint.

  SaaS application enablement

Set up SAML 2.0-based SSO for hundreds of enterprise SaaS applications, like Salesforce, ServiceNow, and Slack.

How will ADSelfService Plus benefit my organization?

ADSelfService Plus comes packed with functionalities that go beyond native capabilities. Here's a list of what the solution can do, and what you get with each features:

  SSPR and account unlock

Enables users to perform AD domain password resets and perform account unlocks without admin intervention. Users can reset their password from:

  • A web browser using the ADSelfService Plus user portal.
  • The logon screens of Windows, macOS, and Linux machines using the ADSelfService Plus login agent.
  • A mobile device using the ADSelfService Plus mobile app or mobile browser portal.
What you receive: Empowers users to reset their passwords and unlock their accounts. This reduces the number of help desk tickets and unburdens help desk personnel. It also improves user productivity as passwords can be reset and accounts can be unlocked promptly and efficiently.
  Enterprise SSO

Reduces the number of logins performed by the user through enabling enterprise SSO for Security Assertion Markup Language (SAML) application collections like Google Workspace, Microsoft 365, and Salesforce.

What you receive: With a single password, users can access multiple enterprise applications and accounts easily and efficiently.
  Password synchronization

This feature allows users to synchronize their AD domain password across their user accounts in integrated on-premises and cloud applications like Microsoft SQL Server, Microsoft 365, Google Workspace, and Salesforce.

What you receive: Any changes to the domain password result in the changes being reflected across the integrated applications as well.
  MFA

By implementing additional layers of identity verification and enhancing the existing credential-based authentication, MFA improves security. ADSelfService Plus implements additional identity verification steps for:

  • SSPR and account unlock.
  • Local and remote machine (Windows, macOS, and Linux), and VPN logins.
  • SSO for enterprise applications.
  • ADSelfService Plus portal logins.

This solution supports up to 18 authentication techniques including biometrics, Google Authenticator, Microsoft Authenticator, time-based one-time password (TOTP), and Security Question and Answer.

What you receive: Even if attackers misappropriate users' credentials, they still need to complete the successive stages of authentication to gain access. Utilizing MFA, an organization is safeguarded because even exposed passwords are useless to attackers.
  Password expiration notification

Sent through email and SMS, or as push notifications, password expiration notifications enable sending multiple reminder notifications on specific days before the expiration date.

What you receive: Notifies users about their impending domain password expiration and reminds them to change their passwords before they lose access to their machines.
  Password policy enforcer

Advanced password policy controls can be set for an organization besides the native domain and fine-grained password policies offered by AD. These advanced password policies can be used to set password controls that are not available in the native policies like:

  • Mandatory inclusion of Unicode characters.
  • Restriction of character repetition of consecutive characters from usernames and old passwords.
  • Restriction on the use of weak passwords, dictionary words, and palindromes.
What you receive: Users can be required to adhere to these policies strictly, preventing them from setting weak passwords that might jeopardize the security of the organization.
  Conditional access

Automates access decisions to organizational resources using risk factors such as IP address, time of access, the device used, and the user's geolocation.

What you receive: IT admins can set pre-defined conditions based on these risk factors to provide users with complete and unrestricted access, limited access, or no access to the resource.
  Self-service directory update

Enables users to update their AD profile information, like email address and mobile number, without IT admin intervention. IT admins can also create modification rules that auto-populate values for certain attributes based on other provided attribute values.

What you receive: Helps decrease the help desk workload while improving user productivity.
  Employee directory search and organization chart

Enables users to search for information on other users, contacts, and groups in the organization, and view the organization chart that displays all the employees in the organizational hierarchy.

What you receive: Helps users discover details about other users from a single portal.
  Mail group subscription

Provides users with the ability to subscribe themselves to organizational email groups.

What you receive: Lets users gain access to the email groups they need without help desk assistance.

What do people say
about ADSelfService Plus?

  •  

    Now users do not have to travel to the office to perform Active Directory password resets. Our help desk calls related to password resets have been reduced by 100%.

    Piergiuseppe Delfino, CIO at AUBAY SpA, Italy

  •  

    Other options were requiring a modification of the Active Directory schema. I liked that ADSelfService Plus did not. The ability to ‘brand’ the tool to our school was also important.

    Robert Peterson, Technical Support Manger, The Principia

  •  

    The deployment is very simple, which makes it nearly fun. We didn’t find any other software which is as fast to deploy as ADSelfService Plus. The instructions are clear and straightforward; the support is working great.

    Matthias Ziolek, Manager, Landratsamt Schwarzwald-Baar-Kreis

Want to talk to someone about AD360?

Ask about ManageEngine products, pricing, implementation, or anything else. Our highly trained reps are standing by, ready to help.

Schedule Demo Or +1 844 245 1108
 
Demo request received

Thank You for the interest in ManageEngine AD360. We have received your personalized demo request and will contact you shortly.

2021 Zoho Corporation Pvt. Ltd. All rights reserved.

 Get Demo