Password Self-Service Deployment:

In order to take ADSelfService Plus' self-service features to the end-users, you have to implement the following:

Configuring self-service actions

ADSelfService Plus offers four self-service features to domain users (Password reset, Account unlock, Directory self-update, and Change password). Based on the departments and organizational hierarchy, you can choose to enable specific features based on users' OUs and group membership. Thereby, they can decide which users can avail themselves of any or all of these features. This is done in the Policy Configuration section by configuring a self-service policy for the users and defining the extent to which they can use ADSelfService Plus. Click on Steps to create a policy for further details.

Identity verification

Once domain users are made part of a self-service policy, their identities need to be verified they can make use of the self-service password reset or account unlock features via the ADSelfService Plus' end-user portal, ADSelfService Plus mobile app, and Windows/macOS/Linux login screens. You can authenticate user identities using any of the fifteen multi-factor authentication (MFA) methods supported by ADSelfService Plus during:

Identity verification by multi-factor authentication (MFA) is carried out using the information provided by users during enrollment into ADSelfService Plus.

By clicking on the above links you can view the configuration steps for each of these methods.

You can enable specific MFA methods for specific set of users and can specify the number of authentications users must complete in order to verify their identity. They also have the option of forcing users to verify their identities with certain MFA methods. This is done using the MFA/TFA settings (Configuration > Self-Service > Mulit-factor Authentication > MFA/TFA Settings). To know more about configuring MFA, Click here.

User enrollment

In order to perform identity verification, users need to enroll with ADSelfService Plus by providing certain information. The information provided varies based on the MFA method configured. ADSelfService Plus simplifies the enrollment process by offering multiple enrollment options:

Enrollment without user's intervention

Note:For certain MFA methods like AD Security Questions, Mail verification, and SMS verification, you can choose to use the users' Active Directory attribute values (mail, mobile, sAMAccountName, etc.) for identity verification. In this case, enrollment is not required.

Enrollment by users:

Users can enroll with ADSelfService Plus using the ADSelfService Plus client portal, ADSelfService Plus mobile app, and the Mobile Web App. In order to enforce user enrollment, you can implement the following measures:

Securing self-service actions

ADSelfService Plus' Security Centre lists out links to security settings in the other sections of the product. These include:

Enabling these security settings protects the user accounts in a domain and secures the connections between the ADSelfService Plus server and other components in the network.


Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.


Need technical assistance?

  • Enter your email ID
  • Talk to experts
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2023, ZOHO Corp. All Rights Reserved.