Pricing  Get Quote

Passwordless authentication: Process and implementation

Passwordless authentication is an advanced identity verification system where, instead of passwords, other modern methods of authentication are used to determine user authenticity. Removing the password from the authentication process makes the system and its resources completely immune to password-based cyberattacks such as dictionary attacks, brute-force attacks, credential stuffing, and more. Additionally, the user experience is improved as password fatigue and the resulting risky password management practices are eliminated.

How does passwordless authentication work?

In a passwordless authentication model, the standard replacements for the password are an inherence factor that is based on elements already part of the user (also known as biometrics), and a possession factor that is based on elements owned by the user (for example mobile-based OTPs and hardware tokens). Using multiple stages of passwordless authentication, including both inherence and possession factors—or multi-factor authentication—is the recommended approach.

While password authentication involves comparing the password provided with a hash stored in the database, passwordless authentication uses cryptographic private-public key-pair authentication. During authentication, the application or system being accessed sends over the public key specific to the user account. The user attempts to match the public key with the private key, which can be accessed by performing biometrics, entering an OTP, or authenticating using a hardware token. If the public-private key pair is successfully matched, the user is authenticated.

ManageEngine ADSelfService Plus, an identity security solution with MFA, SSO, and self-service password management capabilities, offers passwordless authentication with a maximum of three stages for SSO-based logins to enterprise applications and logins into its Android and iOS mobile application.

Implementing passwordless authentication using ADSelfService Plus

Here are the steps to enable passwordless authentication for SSO using ADSelfService Plus.

Step 1: Enable SSO for the enterprise application

  1. Log in to the portal as an administrator.
  2. Open Configuration > Policy Configuration > Add New Policy.
  3. Select the OUs and Groups in your configured domain whose users could benefit from SSO and passwordless authentication, and create a policy.

    Passwordless authentication: Process and implementation

  4. Go to Configuration > Password Sync/Single Sign-on > Add Application.
  5. Select the application for which you want to enable SSO and passwordless authentication.
  6. Provide the required information in both ADSelfService Plus and the target application to enable SSO. Make sure to mention the policy created earlier.

    Passwordless authentication: Process and implementation

Step 2: Enable the required authentication methods

  1. Navigate to Configuration > Multi-factor Authentication > Authenticators Setup.
  2. From the Choose the Policy drop-down, select the policy created.
  3. Select the authentication methods you prefer for passwordless authentication and provide the information required to configure them.

    Passwordless authentication: Process and implementation

Step 3: Enable password authentication

  1. Move to the MFA for Applications tab.
  2. In the MFA for Cloud Applications Login section, check the box next to Enable authenticators, enter the number of authentication methods to be enforced, and select the authentication methods configured earlier from the drop-down.

    Passwordless authentication: Process and implementation

  3. Click the Advanced button, and in the pop-up that opens, go to Applications MFA.
  4. Check the box next to Enable Passwordless Login under Cloud Application Login MFA.
  5. Click Save.
  6. Click Save Settings in the MFA for Applications tab.
  7. You have now enabled passwordless authentication for enterprise applications.

Why choose ADSelfService Plus as your passwordless authentication solution?

  • Wide choice of authenticators: Choose from a bevy of authenticators, from complex inherence factors like fingerprint and FaceID to fool-proof time-bound possession factors like Google Authenticator and YubiKey Authenticator.
  • Multi-factor authentication: Instead of replacing the password with just one authentication method, ADSelfService Plus lets you enable up to three layers of authentication.
  • Granular configuration: Don't set the same authentication requirements for all users. Enable passwordless authentication using specific authentication methods for particular OUs and groups of users based on specific requirements.
  • Support for custom applications: Enable passwordless authentication for custom SAML, OIDC, and OAuth-based applications as well as over 100 established cloud applications.

Eliminate the risk posed by weak or breached passwords with passwordless authentication

  Download a free trial now!  Request demo

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  • Business Email *
  • Phone *
  • Problem Description *
  • Country
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust