Pricing  Get Quote

How to enable multi-factor authentication for privileged users

How can multi-factor authentication secure privileged user accounts?

While all user accounts must be authenticated before gaining access to enterprise resources, privileged user accounts are of the utmost priority because they pose the greatest risk of confidential data compromise. Multi-factor authentication (MFA) is an effective solution to help protect access to privileged user accounts as it enables additional authentication methods to be implemented besides standard password-based authentication. This eliminates the risk of system takeover due to password compromise. ManageEngine ADSelfService Plus offers MFA for machine, VPN, Outlook Web Access, and enterprise application logins, making it a well-rounded solution to secure privileged user authentication.

How to setup MFA for privileged user accounts using ADSelfService Plus

Step 1: Create a policy for privileged users

Create a self-service policy and select domains, groups, or OUs that the privileged user accounts are a part of.


Step 2: Configure authenticators for MFA

Configure stringent methods such as biometrics, Microsoft Authenticator, and YubiKey Authenticator, and select the policy created in Step 1. Configure settings such as the number of factors and authentication methods for each MFA type.


Step 3: User enrollment

Enable forced user enrollment, send enrollment notifications, or enroll privileged user accounts in the product by importing data from CSV files or databases.


Authentication methods supported for MFA for privileged users

  1. Security Questions and Answers
  2. Email Verification
  3. SMS Verification
  4. Google Authenticator
  5. Microsoft Authenticator
  6. Azure AD MFA
  7. Duo Security
  8. RSA SecurID
  9. RADIUS Authentication
  10. Push Notification Authentication
  1. Fingerprint/Face ID Authentication
  2. QR Code-Based Authentication
  3. TOTP Authentication
  4. SAML Authentication
  5. AD Security Questions
  6. YubiKey Authentication
  7. Zoho OneAuth TOTP Authentication
  8. Smart Card Authentication
  9. Custom TOTP Authenticator

Benefits of deploying MFA for privileged user accounts using ADSelfService Plus

  • Granular configuration based on user privilege: Enable stringent authentication methods such as biometrics and YubiKey Authenticator for AD domains, OUs, and groups comprising of users with higher privileges.
  • True MFA: Enable a maximum of three authentication factors apart from username and password authentication.
  • Mandated product adoption: Ensure users, especially privileged user accounts, are secured by MFA by mandating them to enroll in the product, or bulk enroll all user accounts using external databases or CSV files.
  • Automated conditional access: Automatically apply different self-service policies that enable or disable different levels and methods of authenticators based on factors such as time of access, IP address, geolocation, and device type.

Enable MFA for privileged user accounts using ADSelfService Plus

  Download a free trial now!  Request demo

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  • Business Email *
  • Phone *
  • Problem Description *
  • Country
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust