Multi-factor authentication (MFA) helps reduce the attack surface and protects your business by requiring a higher level of identity assurance. It can be enabled for all users, and all systems—both cloud and on-premises applications and endpoints—in your network. You can leverage ManageEngine ADSelfService Plus to effectively and effortlessly deploy MFA in your organization and protect your business.
Secure access to machine (Windows, macOS, and Linux OS) logins with MFA.
Learn moreAllow users to securely access IT resources through a VPN, after a stringent authentication flow with advanced verification factors.
Learn moreEnsure secure access to OWA accounts by deploying strong authentication factors during logins.
Learn moreRegulate enterprise application access via single sign-on (SSO) with advanced authenticators including biometrics, or YubiKey.
Enable users to perform self-service password reset (SSPR), and self-service account unlock only after they prove their identity via the enforced authenticators.
ADSelfService Plus enables IT administrators to trigger a preconfigured authentication workflow once a user initiates an endpoint login, password self-service, or SSO. Using this workflow, IT admins can enforce different authenticators for different sets of users, based on their OU, domain, and group memberships.
With hybrid work gaining popularity, ADSelfService Plus strongly secures both local and remote login attempts to servers and workstations so that they don't serve as gateways to various cyberattacks.
ADSelfService Plus' MFA helps tackle credential-based cyberattacks, including brute-force, password spray, and dictionary attacks. Stolen credentials from a successful phishing attack are rendered powerless when other advanced verification factors are enforced, like biometrics.
ADSelfService Plus helps you meet compliance mandates, like the PCI DSS, NIST SP 800-63B, and HIPAA.
Let's consider users trying to login to their Windows, macOS, or Linux machine. They initially enter their AD credentials and, after verification, are taken through ADSelfService Plus' admin-configured MFA process. Here's what happens next:
ADSelfService Plus offers a range of authentication factors to choose from, such as:
Fingerprint/Face ID
Authentication
Microsoft
Authenticator
TOTP
Authentication
Duo
Security
Google
Authenticator
YubiKey
Authenticator
For the complete list of supported authenticators, click here.
Your download should begin automatically in 15 seconds. If not, click here to download manually.
MFA helps to secure user access to resources by enforcing multiple methods of identity verification besides the username and password method of authentication. When MFA is in place, hackers have no use for a stolen password since there will be other authentication factors that they will have to pass through to gain access to the resources.
ADSelfService Plus provides MFA to secure cloud application access through SSO; endpoint logons, like VPNs, OWAs, Windows, Linux,, and macOS; and self-service activities like password reset, account unlock, and password change. It supports 19 different MFA authentication factors from which admins can choose their preferred factors to present to their users.
ADSelfService Plus simplifies MFA configuration for admins by providing an enriched, user-friendly console. It enables you to set up different MFA flows for different groups or departments in your organization. You can choose the number of authenticators that users must verify with for each activity, like self-service, application logons, and endpoint logons. ADSelfService Plus also makes the MFA enrollment process seamless for both users and admins.
ADSelfService Plus offers conditional access policies that help you fine-tune the access rules for IT resources, such as applications and endpoints, based on a user's location, IP address, time of access, and device used. You can preconfigure rules based on these factors and, depending on these rules, users are given MFA methods to verify their identities with.
