Technicians are end users with specific privileges that allow them to carry out product-related administrative tasks. There are two types of ADSelfService Plus technicians:

  1. Super Admin: Has full control over the entire application by default
  2. Operator: Can audit operations and view reports in the application by default

Based on their method of authentication, technicians are classified into:

  1. Domain technicians: These are technicians who have an account in AD. Domain technicians only have control over the domain to which they belong.
  2. Product technicians: These technicians have an account only in ADSelfService Plus and use their product account credentials for authentication. Product technicians have control over all the domains configured in ADSelfService Plus.
Note: You can configure MFA and password policy settings for product technicians under the Advanced section on the Technicians tab. To do so, go to Configuration > Administrative Tools > Technician > Advanced. To configure MFA and password policy settings for domain technicians, go to Configuration > Self-Service > Multi-factor Authentication and Configuration > Self-Service > Password Policy Enforcer, respectively.

How to assign permissions to technician roles

  1. Go to Configuration > Administrative Tools > Technician.
  2. Click Role Settings.
  3. Select the required role from the drop-down.
  4. technician-rolesettings
  5. You can now choose to assign or remove the displayed permissions.
  6. technician-rolesettings

How to create a technician

  1. Go to Configuration > Administrative Tools > Technician.
  2. Click the + Add New Technician button.
  3. Select the authentication type, domain, users/groups, and role from the respective drop-downs.
  4. add-new-technician
    Important: When AD Authentication is selected, the created technician can use their Windows login credentials to log in to ADSelfService Plus.
  5. If you select Product Authentication in the Authentication Type field, you will be required to enter the login credentials for that technician.
  6. add-new-technician2
    Important: When Product Authentication is selected, this only creates an account in ADSelfService Plus. The technician will not have an AD account and needs to use the credentials that you configure.
  7. Click Add.

Advanced settings

The Advanced option on the Technician Settings page allows you to configure login MFA and password policy settings for technicians who use product authentication.

Advanced settings

Login MFA

  1. Go to Configuration > Administrative Tools > Technician.
  2. Click Advanced in the bottom-right corner and click the Login MFA tab.
  3. Login MFA
  4. Enable MFA during login for technicians who use product authentication: Enable this option if you want ADSelfService Plus to prompt product technicians for the configured MFA authenticators during login for additional security.
  5. Technician has to satisfy __ authentication factor(s) during login: Choose the number of authenticators to prompt technicians for during login from the drop-down.
  6. Select the authenticators required: Choose the authenticators you wish to apply to the technician from the drop-down.
  7. Click Advanced to open up more options to customize settings for technicians.
  8. Password Policy
  9. Idle time limit for login MFA process is __ mins: Specify the idle time limit for the login MFA process. Once the specified time has lapsed, if the technician failed to complete the verification process, they will have to go through the MFA verification process again.
  10. Trust this browser option expires after: When this option is enabled, users will not be asked to go through MFA for the specified length of time when they log in to ADSelfService Plus using trusted browsers. Specify the duration of the trust period in days, hours, or minutes.
  11. Keep the 'Trust this browser' option selected by default: Enable this option if you want the Trust this browser check box to be selected by default on the MFA verification screen.
  12. Enable MFA Backup Verification Codes: Click this option to let admins generate backup codes for technician accounts via the Enrolled Users Report. Admins can choose to display the MFA Backup Code column in the Enrolled Users Report and generate backup codes from the report.
  13. Password Policy

Password policy

  1. Go to Configuration > Administrative Tools > Technician.
  2. Click Advanced in the bottom-right corner and click the Password Policy tab.
  3. Restrict Characters: Specify how many special characters, numbers, and Unicode characters should be used in a password.
  4. Password Policy
  5. Restrict Repetition: Limit the use of:
    • Consecutive characters (e.g., aaaa).
    • A string of consecutive characters from the username and old password (e.g., user01).
    Password Policy
  6. Restrict Pattern: Restrict technicians from using palindromes, dictionary words, and other custom patterns in their passwords.
  7. Password Policy
  8. Restrict Length: Specify the maximum and minimum password length.
  9. Password Policy
  10. Enable Password Strength Analyzer: Enable this setting to provide a visual representation of the strength of the password, encouraging technicians to create b, complex passwords.
  11. You can configure the settings to override all the complexity rules if the password meets a predefined password length. You can also specify the number of complexity rules a password must satisfy.


Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.


Need technical assistance?

  • Enter your email ID
  • Talk to experts
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2023, ZOHO Corp. All Rights Reserved.