- Welcome to ADManager Plus
- Technology Overview
- Getting Started
- Dashboard View
- Configuring Domains
- CSV Import
- Active Directory Management
- Active Directory User Management
- Create Users
- Modify Users
- Bulk User Modifications
- Modifying General User Attributes
- Resetting Password
- Enable/Disable Users
- Modifying Naming Attributes
- Modifying Security Attributes
- Modifying Organization Attributes
- Modifying Profile Attributes
- Modifying Contact Attributes
- Modifying Group Attributes
- Move Users to a Different Container
- Modifying Logon Workstation
- Modifying Logon Hours
- Manage User Photos
- Modify Inheritable Permissions
- Move / Delete Home Folders and Profile Paths
- Modifying Custom Attributes
- Delete Users
- Restore Deleted Users
- Modifying Dial-in or VPN Properties
- Enable/Disable Skype for Business/Lync Users
- Modify Skype for Business/Lync Policies
- Modifying Terminal Services
- Modifying General User Attributes
- User Templates
- Delayed Management Tasks
- Users, Groups, and Computers Search
- Active Directory Computer Management
- Create Computer Objects
- Bulk Computer Modification
- Enable / Disable Computers
- Computer General
- Modify Computer Groups
- Move Computers
- Delete Computers
- Restore Deleted Computers
- Reset Computers
- Modify Computers using CSV
- Creating Computer Creation Templates
- Creating Computer Creation Templates with Drag-n-Drop Enabled
- View/Modify Computer Creation Template
- Active Directory Group Management
- Active Directory Contact Management
- Active Directory OU Management
- Active Directory Exchange Management
- Modify Delivery Restrictions
- Modify SMTP Address
- Modify Delivery Options
- Modify Storage Limits
- Modify Naming Attributes
- Modify Exchange Policies
- Modify Exchange Features
- Create Mailbox for Users
- Disable/Delete User Mailbox
- Set Mailbox rights
- Modify exchange off-line address book
- Exchange Mailbox Migration
- Configure Exchange Automatic Reply Settings
- Active Directory File Permissions management
- Active Directory GPO Management
- Office 365 Management
- Mailbox Management
- Active Directory User Management
- Active Directory Reports
- Active Directory User Reports
- Active Directory Contact Reports
- Active Directory Password Reports
- Active Directory Group Reports
- Active Directory Computer Reports
- Active Directory Exchange Reports
- Active Directory Terminal Services Reports
- Active Directory GPO Reports
- Active Directory OU Reports
- Active Directory NTFS Reports
- Active Directory Security Reports
- Active Directory Other Reports
- Office 365 Reports
- G Suite Reports
- Custom Reports
- Scheduled Reports
- Audit Logs
- Workflow
- Automation
- Help Desk Delegation Overview
- Help Desk Delegation
- Group-based Delegation
- Help Desk Reset Password Console
- Creating New Help Desk Roles
- Copying Help Desk Role
- Creating Help Desk Technicians
- Copying a Help Desk Technician
- Modifying Help Desk Technicians
- Help Desk Audit Report
- Help Desk Admin Audit Report
- Help Desk Technicians Report
- Smart Card Authentication
- Two Factor Authentication
- Single Sign On Authentication
- Active Directory Security Management
- Admin Settings
- Customize Naming Formats
- Customize Title & Department
- Customize Offices & Companies
- Customize Password Settings
- Customize LDAP Attributes
- Configure Delete/Disable Policy
- Office 365 Settings
- G Suite Settings
- Notification Profile
- High Availability
- Connection Settings
- Server Settings
- Personalize Settings
- AD Search Settings
- Integrations
- Mobile App User Manual
- Active Directory portable people search
- Active Directory Explorer
- Troubleshooting Tips
- FAQ
- Known Issues and Limitations
- ADMP & ADSSP Integration
Help Document
Two Factor Authentication
With the Two Factor Authentication service, you can add an extra layer of security to your account, in addition to your username and password. When you try to access the ADManager Plus interface, you will not be allowed to proceed until Two Factor Authentication is completed (admins alone have the option to skip authentication via TFA). ADManager Plus provides options to perform TFA through authentication services such as Duo Security, Google Authenticator, or one time password via email.
Steps to configure Two Factor Authentication:
- Go to the Admin tab.
- Click the Two Factor Authentication link under General Settings.
- Enable Two Factor Authentication using the button near Two Factor Authentication is.
- Select the authentication service required for TFA from the following 3 options.
- Add ADManager Plus under Applications in your Duo Security account.
- To set up inline self enrollment, follow these steps.
- The credentials to enable TFA using Duo Security can be found by clicking the application name in the Applications tab of Duo.
- Enter the integration key, secret key, and API host name displayed in Duo Security in ADManager Plus.
- Click the Save button.
- Select the Enable Google Authenticator button.
- Click the Save button.
- During logging in, enter the code generated by the Google Authenticator app in your smartphone, in addition to your username and password.
- Click here for more details.
- Go to the Admin tab.
- Click the Server link under General Settings.
- Under Mail Settings, specify the name and port of the mail server.
- Click the Advanced link in order to specify the username and password for mail server access.
- Enter the Admin Mail Address and test working by clicking the Send Test Mail link.
- Click the Save Changes button.
- Under one time password via email, enter the subject of the OTP email.
- Enter the content of the email using Macros where needed.
- Click the Save button.
- Log in to your RSA admin console (e.g., https://RSA machinename.domain DNS name/sc).
- Go to Access, Authentication Agents, click Add New.
- Add ADManager Plus Server as an Authentication agent and click Save.
- Go to Access, Authentication Agents, click Generate Configuration File.
- Download AM_Config.zip (Authentication Manager config).
- Extract sdconf.rec from the zip to <-installation-dir>/bin. If there is a file named securid (node secret file ), copy it too.
- Manage the users who have been successfully authenticated using TFA by clicking the Manage Authenticated Users button. The list of TFA configured users is displayed. If needed, you can remove the configured TFA and allow the user to reconfigure the settings.
Duo Security:
Google Authenticator:
One time password via email:
In order to receive emails about the One Time Password (OTP), you need to configure mail server settings by performing the following steps.
RSA Authenticator:
RSA SecurID, formerly referred to as SecurID, is a mechanism developed by Security Dynamics (later RSA Security and now RSA, The Security Division of EMC) for performing two-factor authentication for a user to a network resource. Users can use the security codes generated by the RSA SecurID mobile app or Hardware tokens or tokens received in their mail or mobile to log in to ADManager Plus.
Steps to Integrate RSA SecurId with ADManager Plus:
That's it ! You are now ready to use RSA SecurId with ADManager Plus.
Troubleshooting: Log in to your RSA admin console and go to Reporting tab. Under Real time Activity Monitors, click Authentication Activity Monitor. Now click Start Monitor.
To personalize your preferred authentication method:
In order to choose your preferred authentication method, or to use an authentication service different from the one you are currently using, perform the following steps.
- Go to the My Account link at the top left corner.
- Select the Manage my TFA settings option.
- Click the Edit button.
- Choose your preferred authentication method from the options available.
- In the case of having the Google Authenticator service as your preferred method, the next dialog box prompts you to scan the QR code presented and enter the code generated by the app in your smartphone.
- Click the Verify button.
Note:
For users with Duo Security as the preferred authentication service, in the case of loss/replacement of your smartphones, TFA can still be performed smoothly by deleting the account in Duo. Follow the above steps, choose Duo Security as your preferred authentication method, and enable Duo Security once again to start from scratch.