- Free Edition
- Quick Links
- Multi-factor authentication
- Active Directory MFA
- Endpoint MFA
- Windows login MFA
- Two-factor authentication
- Conditional access
- Offline MFA
- FIDO2 MFA
- Passwordless authentication
- MFA for VPN logons
- MFA for OWA logons
- MFA for Microsoft 365 users
- MFA for UAC
- MFA for remote and local macOS logons
- MFA for remote and local Linux logons
- MFA for Windows servers
- MFA for RDP
- Device-based MFA
- MFA for cloud apps
- Phishing-resistant MFA
- Adaptive MFA
- Password management
- Self-service password reset
- Self-service account unlock
- Password expiration notifications
- Password synchronization
- Password policy enforcer
- Web-based domain password change
- Cached credentials update
- Reporting and auditing
- Password self-service from logon screens
- Help-desk-assisted password reset
- Mobile password management
- Password security and compliance
- Password management and security
- Single sign-on
- Remote work enablement
- Enterprise self-service
- Reporting and auditing
- Zero trust
- Integrations
- Security
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
Approval-based workflow for self-service
For businesses reeling under the effort and costs associated with help-desk-assisted account unlocks and password resets, self-service is a great solution, as it empowers end users to solve their own IT problems. However, some businesses stay away from deploying a self-service solution due to security concerns. For example, even though it is tedious for the help desk to maintain up-to-date profile information of every user in Active Directory, organizations may not allow end users to update their own profile information in Active Directory for fear of losing control over security and data consistency.
ADSelfService Plus, an identity security solution with MFA, SSO, and self-service password management capabilities, helps organizations maintain their security stance by enabling admins to review and approve users' self-service actions, such as updating their profile information or resetting their passwords.
Help desk software with an approval workflow feature, such as ADManager Plus, is required for the review and approval process. The approval workflow rules set by the admin in the help desk tool determine who can review and approve the self-service requests. In ADManager Plus, admins can create and modify any number of self-service approval workflow rules for different types of requests. For all self-service actions, admins verify users’ identities by configuring security questions based on Active Directory attributes. Once ADSelfService Plus is integrated with ADManager Plus, users' self-service actions are taken as requests instead of being directly updated in Active Directory.

Help-desk-assisted directory update and mail group subscription: How it works
- A user attempts to update their profile information or subscribe to a group. The user proves their identity to ADManager Plus by answering Active Directory-based security questions.
- A request for the self-service action is automatically created and sent to ADManager Plus (the workflow provider).
- A help desk technician reviews the request and approves it based on the workflow rules configured in ADManager Plus. Only the information that complies with the organization’s policies is approved.
- Once approved, the profile information or group subscription is automatically updated in Active Directory by the workflow engine or help desk software.
- The user can view the status of their request in the self-service portal. They can also be notified if their request is declined.
Help-desk-assisted self-service password reset and account unlock: How it works
By enabling an approval workflow for self-service password reset and account unlock actions, admins can give help desk technicians the ability to review and approve user activities. Identities are verified using a set of security questions based on Active Directory attributes, such as "What is your mobile number?" and "What is your department name?" Here’s how the approval workflow model works for self-service password reset and account unlock requests:
- A user clicks the Forgot your password? or Account locked down? buttons from the login screen of the web portal, the mobile app, or their login screen.
- The user is asked to verify their identity via the authentication techniques configured during their enrollment. The user is also required to answer Active Directory-based security questions to prove their identity to ADManager Plus.
- The user receives a pop-up saying that the request has been sent to a technician.
- After reviewing the request, the technician accepts or rejects it. If the request is accepted, the user receives a link via email.
- In the case of a password reset, the link takes the user to the Password Reset page where they can enter their new password. For an account unlock, the link takes them to the Unlock Account page where they can unlock their account after successfully verifying their identity.
Details like who created the request, who approved the request, and when the request was approved are recorded in reports for later use. Users can view the status of their request by logging in to the self-service portal of ADSelfService Plus.
Benefits:
-
Ensure security and consistency
Approval-based self-service gives admins control over users’ self-service actions and ensures that they are handled in a secure, consistent manner.
-
Significantly reduce IT service request calls
Users can create requests on their own without having to call the help desk. This significantly reduces the costs associated with users calling the help desk to submit IT service requests.
-
Enforce OU- and group-based policies
Admins can enforce a self-service approval workflow for one set of users based on their OU or group membership. That is, they have the option to give certain users, like those in the managers OU, a pure self-service experience by excluding them from self-service approval.
Highlights of ADSelfService Plus
Password self-service
Unburden Windows AD users from lengthy help desk calls by empowering them with self-service password reset and account unlock capabilities.
Multi-factor authentication
Enable context-based MFA with 20 different authentication factors for endpoint, application, VPN, OWA, and RDP logins.
One identity with single sign-on
Get seamless one-click access to more than 100 cloud applications. With enterprise single sign-on (SSO), users can access all their cloud applications using their Windows AD credentials.
Password and account expiry notifications
Notify Windows AD users of their impending password and account expiry via email and SMS notifications.
Password synchronization
Synchronize Windows AD user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Password policy enforcer
Strong passwords resist various hacking threats. Enforce Windows AD users to adhere to compliant passwords by displaying password complexity requirements.