How will ADSelfService Plus benefit my organization?
ADSelfService Plus comes packed with functionalities that go beyond native capabilities. Here's a
list of what the solution can do, and what you get with each features:
SSPR and account unlock
Enables users to perform AD domain password resets and perform account unlocks without admin
intervention. Users can reset their password from:
-
A web browser using the ADSelfService Plus user portal.
-
The logon screens of Windows, macOS, and Linux machines using the ADSelfService Plus login
agent.
-
A mobile device using the ADSelfService Plus mobile app or mobile browser portal.
What you receive: Empowers users to reset their passwords and unlock their accounts. This
reduces the number of help desk tickets and unburdens help desk personnel. It also improves user
productivity as passwords can be reset and accounts can be unlocked promptly and efficiently.
Enterprise SSO
Reduces the number of logins performed by the user through enabling enterprise SSO for Security
Assertion Markup Language (SAML) application collections like Google Workspace, Microsoft 365,
and Salesforce.
What you receive: With a single password, users can access multiple enterprise
applications and accounts easily and efficiently.
Password synchronization
This feature allows users to synchronize their AD domain password across their user accounts in
integrated on-premises and cloud applications like Microsoft SQL Server, Microsoft 365, Google
Workspace, and Salesforce.
What you receive: Any changes to the domain password result in the changes
being reflected across the integrated applications as well.
MFA
By implementing additional layers of identity verification and enhancing the existing
credential-based authentication, MFA improves security. ADSelfService Plus implements additional
identity verification steps for:
-
SSPR and account unlock.
-
Local and remote machine (Windows, macOS, and Linux), and VPN logins.
-
SSO for enterprise applications.
-
ADSelfService Plus portal logins.
This solution supports up to 18 authentication techniques including biometrics, Google
Authenticator, Microsoft Authenticator, time-based one-time password (TOTP), and Security
Question and Answer.
What you receive: Even if attackers misappropriate users' credentials, they
still need to complete the successive stages of authentication to gain access. Utilizing MFA, an
organization is safeguarded because even exposed passwords are useless to attackers.
Password expiration notification
Sent through email and SMS, or as push notifications, password expiration notifications enable
sending multiple reminder notifications on specific days before the expiration date.
What you receive: Notifies users about their impending domain password
expiration and reminds them to change their passwords before they lose access to their machines.
Password policy enforcer
Advanced password policy controls can be set for an organization besides the native domain and
fine-grained password policies offered by AD. These advanced password policies can be used to
set password controls that are not available in the native policies like:
-
Mandatory inclusion of Unicode characters.
-
Restriction of character repetition of consecutive characters from usernames and old
passwords.
-
Restriction on the use of weak passwords, dictionary words, and palindromes.
What you receive: Users can be required to adhere to these policies strictly,
preventing them from setting weak passwords that might jeopardize the security of the
organization.
Conditional access
Automates access decisions to organizational resources using risk factors such as IP address,
time of access, the device used, and the user's geolocation.
What you receive: IT admins can set pre-defined conditions based on these risk
factors to provide users with complete and unrestricted access, limited access, or no access to
the resource.
Self-service directory update
Enables users to update their AD profile information, like email address and mobile number,
without IT admin intervention. IT admins can also create modification rules that auto-populate
values for certain attributes based on other provided attribute values.
What you receive: Helps decrease the help desk workload while improving user
productivity.
Employee directory search and organization chart
Enables users to search for information on other users, contacts, and groups in the
organization, and view the organization chart that displays all the employees in the
organizational hierarchy.
What you receive: Helps users discover details about other users from a single
portal.
Mail group subscription
Provides users with the ability to subscribe themselves to organizational email groups.
What you receive: Lets users gain access to the email groups they need without
help desk assistance.