# About ADSelfService Plus ![ManageEngine Certification](https://cdn.manageengine.com/sites/meweb/images/training/images/training-banner.jpg) ADSelfService Plus is an identity security solution to ensure secure and seamless access to enterprise resources and establish a Zero Trust environment. With capabilities such as adaptive multi-factor authentication, single sign-on, self-service password management, a password policy enhancer, remote work enablement and workforce self-service, ADSelfService Plus provides your employees with secure, simple access to the resources they need. ADSelfService Plus helps keep identity-based threats out, fast-tracks application onboarding, improves password security, reduces help desk tickets and empowers remote workforces. [Download PDF](https://download.manageengine.com/training/adselfservice-plus-training-agenda.pdf) ## Training Objectives At the end of the course, you will be able to: - Install and configure ADSelfService Plus to meet organizational requirements - Enable self-service password reset, account unlock, and real-time password synchronization - Secure user access to resources with Multi-Factor Authentication (MFA) and Single Sign-On (SSO) - Automate user enrollment and send proactive password expiration notifications - Configure self-directory updates, employee search, and mail group subscriptions - Enable access to self-service features on mobile devices for end users and customize user experiences - Create help desk roles and assign technicians - Schedule report generation, email them to administrators instantly, and export them in multiple formats - Integrate ADSelfService Plus with ITSM, SIEM, and other enterprise tools - Set up ADSelfService Plus for scalability and high availability, manage, and ensure data security ## Training Agenda This training agenda is designed to equip users with the knowledge to work with ADSelfService Plus. ### Introduction to ADSelfService Plus - Overview of the product - Key features of the product ### Setting Up ADSelfService Plus - Hardware requirements - Supported platforms - Supported browsers - Supported databases - Installing ADSelfService Plus - Starting ADSelfService Plus as a service - Connecting to the ADSelfService Plus web portal - Licensing of ADSelfService Plus ### Getting Started with Configuration - Configure Active Directory domains in ADSelfService Plus ### Self-Service Password Management - Enable self-service password reset, account unlock, and password change - Policy configuration for self-service features - Updating cached credentials over VPN ### Multi-Factor Authentication (MFA) - Set up and configure MFA authenticators to cater to specific business requirements, ensuring both robust security and user convenience - Configure MFA for various use cases, including - Self-service actions (such as Reset and Unlock) - Machine logins - OWA and Exchange Admin Center logins - RADIUS-supported endpoint logins - Enterprise application logins - ADSelfService Plus logins - Configure offline MFA for Windows and macOS logins - Explore the advanced settings to further control the MFA processes ### Single Sign-On and Password Synchronization - Enable Single Sign-On (SSO) to streamline user login experiences by eliminating the need for multiple credentials - Configure Just-In-Time (JIT) Provisioning to automatically create user accounts in target applications for seamless access - Configure Account linking to automatically link user accounts during password sync and SSO - Installation of the Password Sync Agent - Configure real-time password synchronization to automatically synchronize Windows Active Directory password resets/changes and account unlocks of a user account across multiple other platforms ### Directory Self Service - Create Self-Update Layouts with the "drag & drop" approach and choose from multiple field types for an end user to self-update - Create Modification rules to specify the fields that should be automatically updated whenever a user account is modified - Configure Employee Search to allow users and admins to search and view domain user information - Configure Mail Group Subscription to enable users to subscribe to or unsubscribe from email groups directly through the portal ### Login Agent Installation and Customization - Installation of the login agent on Windows (GINA), macOS, or Linux - Customization of the login agent - Configure a scheduler for the login agent ### Conditional Access - Understand the functionality of conditional access in ADSelfService Plus - Configure conditional access rules based on IP address, device, business hours, or user location - Assign the conditional access rules ### Password Policy Enforcer - Set up custom password complexity rules, including restrictions on characters, repetition, patterns, and length - Learn how to enable Have I Been Pwned? integration to prevent the usage of breached passwords by end users - Explore options to bypass complexity requirements, configure policy settings the user’s password must comply with during self-service password reset and password change operations, display the password policy requirement on the reset and change password pages, and enforce these policies in ADUC console and change password screens ### User Enrollment - Force user enrollment through logon scripts - Send enrollment reminders via email, SMS, or push notifications - Import enrollment data from CSV file - Import enrollment data from an external database ### Password Expiration Notifications - Configure notifications for password and account expiration via email, SMS, or push alerts - Setting the notification frequency on a daily, weekly, or specific-day basis - Configure advanced settings to send notification delivery status messages to users' managers or admins, and retry notifications if the scheduler fails to deliver them on the configured day - Use of macros to help reduce redundancy in the messages ### Mobile App Deployment - Install the Mobile Device Management (MDM) profile - Install the ADSelfService Plus iOS app remotely in the users' mobile devices - Setting up schedulers to automate profile and app installation ### Approval Workflow - Integrate with ADManager Plus - Configure Self-Service Approval Workflow ### Technician - Create technicians by selecting the technician type (Domain-based or Product-based) and assigning a role (Super Admin or Operator) - Assign permissions to technician roles - Advanced settings to configure login MFA and password policy settings for technicians who use product authentication ### Integration - Integration with enterprise applications and databases for SSO using SAML/OpenID/OAuth protocols - Integration with ITSM and help desk applications - Integration with SIEM applications and syslog servers ### General Settings - Configure the SSL settings, access URL, proxy settings, port settings and session time settings - Configure mail and SMS server settings - Configure Dashboard Updater - Configure Site-Based DC Updater - Generate backup codes for MFA recovery - Restrict users under License Management to ensure license compliance ### Login Settings - Configure user login access rights, CAPTCHA settings, and other customization options for the login page - Configure SSO Settings to automatically log in to ADSelfService Plus by simply logging in to their Windows machine or through a third-party identity provider - Access the self-service portal without password using Smart Card Authentication ### Personalize Settings - Customize settings for display, portal rebranding, mobile rebranding, password change, and language options ### Enterprise Essentials - Configure High Availability or Load Balancing - Configure Reverse Proxy settings by integrating with AD360 ### Reports - Generate detailed user, password self-service, MFA, GINA/Mac/Linux agent, and other reports - Schedule report generation at fixed intervals - Configure the generated reports to be sent to the administrators' mail instantly - Export the reports to multiple formats such as CSV, PDF, XLS, HTML, and CSVDE for offline use ### Dashboard - Gain insights from user, enrollment and audit reports - Create schedules in the Dashboard Updater to synchronize with AD and update the graphs - Embed the graphs in the organization's web page or access the graph separately by using a URL - Access quick links and highlights ### Backup and Recovery - Schedule database backups - Manage retention policies and monitoring backup history ## Support - Email: [certifications@manageengine.com](mailto:certifications@manageengine.com) - US : +1 888 720 9500 - Intl : +1 925 924 9500 - Aus : +1 800 631 268 - UK : 0800 028 6590 - CN : +86 400 660 8680