Training Home

About ADSelfService Plus

ADSelfService Plus is an identity security solution to ensure secure and seamless access to enterprise resources and establish a Zero Trust environment. With capabilities such as adaptive multi-factor authentication, single sign-on, self-service password management, a password policy enhancer, remote work enablement and workforce self-service, ADSelfService Plus provides your employees with secure, simple access to the resources they need. ADSelfService Plus helps keep identity-based threats out, fast-tracks application onboarding, improves password security, reduces help desk tickets and empowers remote workforces

Training Objectives

At the end of the course, you will be able to:

Install and configure ADSelfService Plus to meet organizational requirements
Enable self-service password reset, account unlock, and real-time password synchronization
Secure user access to resources with Multi-Factor Authentication (MFA) and Single Sign-On (SSO)
Automate user enrollment and send proactive password expiration notifications
Configure self-directory updates, employee search, and mail group subscriptions
Enable access to self-service features on mobile devices for end users and customize user experiences
Create help desk roles and assign technicians
Schedule report generation, email them to administrators instantly, and export them in multiple formats
Integrate ADSelfService Plus with ITSM, SIEM, and other enterprise tools
Set up ADSelfService Plus for scalability and high availability, manage , and ensure data security

Training Agenda

This training agenda is designed to equip users with the knowledge to work with ADSelfService Plus.

Introduction to ADSelfService Plus

Overview of the product
Key features of the product

Setting Up ADSelfService Plus

Hardware requirements
Supported platforms
Supported browsers
Supported databases
Installing ADSelfService Plus
Starting ADSelfService Plus as a service
Connecting to the ADSelfService Plus web portal
Licensing of ADSelfService Plus

Getting Started with Configuration

Configure Active Directory domains in ADSelfService Plus

Self-Service Password Management

Enable self-service password reset, account unlock, and password change
Policy configuration for self-service features
Updating cached credentials over VPN

Multi-Factor Authentication (MFA)

Set up and configure MFA authenticators to cater to specific business requirements, ensuring both robust security and user convenience
Configure MFA for various use cases, including
- Self-service actions (such as Reset and Unlock)
- Machine logins
- OWA and Exchange Admin Center logins
- RADIUS-supported endpoint logins
- Enterprise application logins
- ADSelfService Plus logins
Configure offline MFA for Windows and macOS logins
Explore the advanced settings to further control the MFA processes

Single Sign-On and Password Synchronization

Enable Single Sign-On (SSO) to streamline user login experiences by eliminating the need for multiple credentials
Configure Just-In-Time (JIT) Provisioning to automatically create user accounts in target applications for seamless access
Configure Account linking to automatically link user accounts during password sync and SSO
Installation of the Password Sync Agent
Configure real-time password synchronization to automatically synchronize Windows Active Directory password resets/changes and account unlocks of a user account across multiple other platforms

Directory Self Service

Create Self-Update Layouts with the "drag & drop" approach and choose from multiple field types for an end user to self-update
Create Modification rules to specify the fields that should be automatically updated whenever a user account is modified
Configure Employee Search to allow users and admins to search and view domain user information
Configure Mail Group Subscription to enable users to subscribe to or unsubscribe from email groups directly through the portal

Login agent installation and customization

Installation of the login agent on Windows (GINA), macOS, or Linux
Customization of the login agent
Configure a scheduler for the login agent

Conditional Access

Understand the functionality of conditional access in ADSelfService Plus
Configure conditional access rules based on IP address, device, business hours, or user location
Assign the conditional access rules

Password Policy Enforcer

Set up custom password complexity rules, including restrictions on characters, repetition, patterns, and length
Learn how to enable Have I Been Pwned? integration to prevent the usage of breached passwords by end users
Explore options to bypass complexity requirements, configure policy settings the user’s password must comply with during self-service password reset and password change operations, display the password policy requirement on the reset and change password pages, and enforce these policies in ADUC console and change password screens

User Enrollment

Force user enrollment through logon scripts
Send enrollment reminders via email, SMS, or push notifications
Import enrollment data from CSV file
Import enrollment data from an external database

Password Expiration Notifications

Configure notifications for password and account expiration via email, SMS, or push alerts
Setting the notification frequency on a daily, weekly, or specific-day basis
Configure advanced settings to send notification delivery status messages to users' managers or admins, and retry notifications if the scheduler fails to deliver them on the configured day
Use of macros to help reduce redundancy in the messages

Mobile App Deployment

Install the Mobile Device Management (MDM) profile
Install the ADSelfService Plus iOS app remotely in the users' mobile devices
Setting up schedulers to automate profile and app installation

Approval Workflow

Integrate with ADManager Plus
Configure Self-Service Approval Workflow

Technician

Create technicians by selecting the technician type (Domain-based or Product-based) and assigning a role (Super Admin or Operator)
Assign permissions to technician roles
Advanced settings to configure login MFA and password policy settings for technicians who use product authentication

Integration

Integration with enterprise applications and databases for SSO using SAML/OpenID/OAuth protocols
Integration with ITSM and help desk applications
Integration with SIEM applications and syslog servers

General Settings

Configure the SSL settings, access URL, proxy settings, port settings and session time settings
Configure mail and SMS server settings
Configure Dashboard Updater
Configure Site-Based DC Updater
Generate backup codes for MFA recovery
Restrict users under License Management to ensure license compliance

Login Settings

Configure user login access rights, CAPTCHA settings, and other customization options for the login page
Configure SSO Settings to automatically log in to ADSelfService Plus by simply logging in to their Windows machine or through a third-party identity provider
Access the self-service portal without password using Smart Card Authentication

Personalize Settings

Customize settings for display, portal rebranding, mobile rebranding, password change, and language options

Enterprise Essentials

Configure High Availability or Load Balancing
Configure Reverse Proxy settings by integrating with AD360

Reports

Generate detailed user, password self-service, MFA, GINA/Mac/Linux agent, and other reports.
Schedule report generation at fixed intervals
Configure the generated reports to be sent to the administrators' mail instantly
Export the reports to multiple formats such as CSV, PDF, XLS, HTML, and CSVDE for offline use

Dashboard

Gain insights from user, enrollment and audit reports
Create schedules in the Dashboard Updater to synchronize with AD and update the graphs
Embed the graphs in the organization's web page or access the graph separately by using a URL
Access quick links and highlights

Backup and Recovery

Schedule database backups
Manage retention policies and monitoring backup history

Signup for the Classroom Training, or Register for a training at your location now!