ADMP - ADSSP Integration

    ManageEngine ADSelfService Plus is a secure, web-based, end-user password reset management program. This software helps domain users to perform password self service, account self service and self service of their personal details (e.g telephone number, e-mail id, etc.,) in Microsoft Windows Active Directory.

    Help Desk Assisted Self-Service with ADSelfService Plus mandates the following prerequisites:

    • A licensed installation of ADManager Plus
    • Rightly configured Admin settings in other ME Products page of ADSelfService Plus

    Self-Service Approval Workflow:

    By enabling the Self-Service Approval Workflow feature you can route self-service requests from end-users through your IT help desk for approval. Only after approval from the IT help desk, the self-service requests will be updated in Active Directory. This feature will help you take hold of users’ self-service operations and maintain control over what details get updated in Active Directory. Refer the image below for better understanding.

    ADMP - ADSSP integration

    Steps to integrate ADSelfService Plus with a Workflow Provider

    Before you can enable this feature, you need to integrate ADSelfService Plus with ADManager Plus, the workflow provider and our Active Directory Management and Reporting solution. The requests created by users from ADSelfService Plus can be managed and executed by your IT help desk staff using ADManager Plus.

    Below are the steps for integrating ADManager Plus and ADSelfService Plus:

    • Download, install and launch ADManager Plus.
    • Now launch ADSelfService Plus and log in as an administrator.
    • Go to Admin --> Product Settings --> Connection. Under Configure Other ManageEngine Products section, select ManageEngine ADManager Plus as the Application Name.
    • Enter the Server Name / IP Address and Port number of ADSelfService Plus.
    • Select the protocol (http or https) that is being used in ADManager Plus from the drop-down menu.
    • Enter the username and password of ADManager Plus administrator account.
    • Click Test Connection and Save.

    Once integrated, you can enable Approval Workflow in ADSelfService Plus

    Steps to configure Self-Service Approval Workflow

    • Launch ADSelfService Plus and log in as an administrator.
    • Navigate to Configuration --> Administrative Tools --> Approval Workflow.
    • Select Enable Approval Workflow.
    • Now select which self-service actions should come under the approval workflow process from the available actions.
    • Now, select the policies for which you want to enable approval workflow.
    • Click Save.

    Steps to configure Approval Workflow for Reset Password and Unlock Account Actions

    • If you have enabled approval workflow for reset password and account unlock actions, then you have to configure security questions.
    • This will be used by the help desk technicians to verify end-users' identities before approving their actions.
    • Follow the steps given below: Launch ADSelfService Plus and log in as an admin.
    • Navigate to Configuration --> Administrative Tools --> Approval Workflow.
    • Select Enable Approval Workflow.
    • Enable Reset Password/Unlock Account option. Click Configure.
    • In the dialog box that opens, you will see a list of security questions already configured by default.
    • You can add, delete, edit, enable and disable the security questions as you wish.
    • To add a new security question, click Add Question link at the bottom of the dialog box.
    • Enter the security question and select the corresponding LDAP attribute.
    • The value of the selected attribute will serve as the answer to the security question.
    • Once you have configured the security questions, close the dialog box and click Save.

    From the ADManager Plus console the administrator may set 'Assigning rules' and 'Notification rules' as per one's requirement.