Pricing  Get Quote
 
 

User Identity Verification

Modernize user authentication with MFA Secure user access with multiple factors to prevent sophisticated cyberattacks

Thank you for downloading!

Your download should begin automatically in 15 seconds. If not, click here to download manually.

  • Please enter a business email id
  •  
  •  
    By 'Downloading', you agree to processing of personal data according to the Privacy Policy.
 

Adopt MFA to amp up your cyber defense

Multi-factor authentication (MFA) helps reduce the attack surface and protects your business by requiring a higher level of identity assurance. It can be enabled for all users, and all systems—both cloud and on-premises applications and endpoints—in your network. You can leverage ManageEngine ADSelfService Plus to effectively and effortlessly deploy MFA in your organization and protect your business.

MFA for SSPR

Enable users to perform self-service password reset (SSPR), and self-service account unlock only after they prove their identity via the enforced authenticators

MFA for application access

Regulate enterprise application access via single sign-on (SSO) with advanced authenticators including biometrics, or RSA SecurID.

MFA for endpoint access

Secure local and remote access to Windows, macOS, and Linux OS with MFA.

Implement MFA everywhere you need it

ADSelfService Plus enables IT administrators to trigger a preconfigured authentication workflow once a user initiates a password self-service, SSO, or endpoint login. Using this workflow, IT admins can enforce different authenticators for different sets of users, based on their OU, domain, and group memberships.

  • multi-factor authentication configuration
  • multi-factor authentication setting

Key benefits of using MFA with ADSelfService Plus

Secure remote logon attempts

ADSelfService Plus secures both local and remote login attempts to servers and workstations.

Defend against credential-based attacks

With MFA, ADSelfService Plus tackles all credential-based cyberattacks, including brute force, password spray, and dictionary attacks.

Ensure regulatory compliance

ADSelfService Plus meet NIST SP 800-63B, NYCRR, FFIEC, GDPR, and HIPAA compliance mandates.

How does ADSelfService Plus verify user identities?

ADSelfService Plus in action

A complete list of authenticators supported by ADSelfService Plus

Security questions and answers

Users enroll in ADSelfService Plus by answering several user-specific questions; the answers are then stored securely in the ADSelfService Plus database after encryption. To reset their password or unlock their account, the users are required to prove their identity by answering the questions previously provided. IT admins can further strengthen identity verification with options to prevent users from using the same answers to multiple questions, or any word from the questions, and other parameters.

SMS and email verification codes

When users attempt to reset their passwords or unlock their accounts, a verification code is sent to their mobile number or email address. IT admins also have the option to send a secure link via email that enables the user to reset their password, or to specify the number of invalid attempts a user can enter before they are temporarily blocked from logging in. To send the password reset link, IT admins can configure ADSelfService Plus to acquire the mobile number and email address information from the corresponding Lightweight Directory Access Protocol (LDAP) attributes in Active Directory (AD).

Google Authenticator

ADSelfService Plus supports Google Authenticator, a widely-used, third-party authentication application for mobile phones. Users enroll with ADSelfService Plus by scanning a QR code. When performing any self-service operation, users are required to open the app and enter the code displayed in Google Authenticator to prove their identity.

Microsoft Authenticator

ADSelfService Plus supports Microsoft Authenticator, a widely-used, third-party authentication application for mobile phones. Once users are enrolled in ADSelfService Plus, they can prove their identity during password self-service actions and endpoint logins by entering the code displayed in Microsoft Authenticator.

YubiKey Authenticator

ADSelfService Plus supports YubiKey, an authentication device that identifies itself as a keyboard, and delivers a one-time password. Once enrolled, users can use the YubiKey device to prove their identity during password self-service actions and endpoint logins.

Using YubiKey to prove identity from

  • 1. Workstation: Users plug in the YubiKey device to their desktop or laptop, place the cursor in the corresponding field, and press or hold the button on the plugged-in YubiKey device. The code is automatically updated.
  • 2. Mobile device: When users tap their YubiKey device with their mobile devices, they are redirected to a page displaying a passcode. They copy the passcode and paste it in the respective field to prove their identity.
Load More

Duo Security

ADSelfService Plus supports Duo Security for MFA. Users are first required to enroll with Duo Security. When this authentication technique is enabled and users attempt to reset passwords or unlock accounts, they are required to select a mode of communication (push notification, SMS, or call) through which Duo Security sends a verification code. Upon successful verification, users can employ password self-service to manage their password and accounts.

RSA SecurID

ADSelfService Plus can be integrated with RSA SecurID to provide protected authentication for users trying to access a network resource. When resetting a password or unlocking an account, users can use the security codes generated by the RSA SecurID mobile app, hardware tokens, or tokens received by email, or SMS to log in to ADSelfService Plus.

RADIUS

ADSelfService Plus enables IT admins to add RADIUS as an additional resource for user authentication. Users are required to provide their RADIUS passwords to authenticate themselves. Once their accounts are verified, users can perform self-service operations, or advance to the next authentication factor as required by the protocol.

Push notifications

This is one of the easiest and quickest methods of authentication. With push notifications enabled, users will receive a login request sent fromADSelfService Plus to their registered mobile device. They can either approve the authentication request, or reject it if they did not initiate the request. Once enrolled, users can also reset their password, or unlock their account from their mobile app using push notifications.

Fingerprint authentication

A person's fingerprints are unique, and fingerprint authentication is one of the easiest, yet most secure authentication methods. If a user's registered mobile device has a fingerprint sensor, they can use their fingerprint to authenticate password resets, and account unlocks from the ADSelfService Plus mobile app.

Face ID authentication

Biometrics authentication is one of the most foolproof authentication techniques available today. ADSelfService Plus supports identity verification through Face ID (facial recognition) in iOS mobile devices for users that have installed and set up the ADSelfService Plus mobile app on their iPhone.

QR code-based authentication

The ADSelfService Plus mobile app is all that users need to use QR codes for authentication. Users can simply scan the QR code displayed on their ADSelfService Plus web portal from their registered mobile device to complete the process.

Time-based one-time password (TOTP)

One of the most commonly used methods of authentication is TOTP. ADSelfService Plus' mobile app generates TOTPs that change every minute. Users are required to enter the 6-digit passcode during the authentication process within a minute to complete their identity verification.

AD-based security questions

ADSelfService Plus enables IT admins to establish Active Directory-based security questions as one of the MFA methods to verify user identity during a self-service password reset. When this method is enabled, the security questions are linked to an Active Directory attribute, and users are successfully authenticated when their answers match that specific attribute's value. For example, assume that the IT admin has selected "What is your social security number?" as an AD-based security question. Whenever the user attempts a password reset, they're required to enter their social security number as an answer, the specified value of the custom attribute. If entered incorrectly, the password reset operation is canceled. Since this technique utilizes the users' Active Directory attributes, they need not enroll with ADSelfService Plus separately.

 

Get ADSelfService Plus
and solve all your password management troubles.

Thank you for downloading!

Your download should begin automatically in 15 seconds. If not, click here to download manually.

  • Please enter a business email id
  •  
  •  
    By clicking 'Downloading', you agree to processing of personal data according to the Privacy Policy.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link