Forgotten passwords are an unfortunate fact of life, but password reset tickets aren't. While it's impossible to recover forgotten or expired Active Directory (AD) passwords, they can be securely reset without requiring help desk assistance. Empower your users to reset their own passwords with ADSelfService Plus.
ADSelfService Plus' self-service features allow end users to securely reset their forgotten passwords, unlock their accounts, and update their profile information in AD—all without help desk intervention. Users can reset their passwords from the login screens of their Windows, macOS, and Linux machines; a web browser; or their mobile devices (using the ADSelfService Plus app). As soon as you deploy ADSelfService Plus, all users have to do is access the self-service portal, verify their identity, and configure their AD password to gain access to the system.
ADSelfService Plus supports multi-factor authentication to secure password self-service activities. Users can only reset their passwords or unlock their accounts after confirming their identities through any of the solution’s 15 authentication methods:
While self-service password resets are a boon to any organization, you do not want users to endanger their accounts by resetting their passwords to weaker ones that easily lead to data breaches. ADSelfService Plus' Password Policy Enforcer allows you to create rules to ensure password complexity. With these rules, you can mandate the inclusion of multiple character types in passwords, restrict the use of dictionary words and phrases, restrict end users from using certain characters from old passwords and usernames, and more. By integrating ADSelfService Plus with the Have I Been Pwned? service, you can also restrict end users from using passwords that have already been exposed.
Using self-service policies, you can selectively grant users the ability to reset their passwords and perform other self-service actions. Self-service policies allow you to enable the self-service password reset capability for users belonging to specific AD domains, OUs, and groups. You can enable specific authentication methods for a group of users. You can also choose to allow a set of users to reset their passwords from one access point, like their logon screens, and provide other users with the self-service capability from another platform, like their mobile devices.
Eliminate expired passwords with ADSelfService Plus' password and account expiration notifications. ADSelfService Plus will automatically search your organization's AD for users whose passwords are about to expire, then send them phased reminders in the form of email, SMS, or push notifications to change their passwords. Users can change their soon-to-expire passwords via ADSelfService Plus' web portal and mobile app.
Typically, some users will fail to change their passwords on time, despite receiving multiple notifications, and ultimately find themselves locked out of their own systems. Save your help desk the time and frustration with ADSelfService Plus' automatic password reset/unlock account feature. It resets any expired passwords to a default value set by the administrator and automatically unlocks any locked accounts.
Receive email notifications whenever users perform password resets or any other self-service action. ADSelfService Plus also offers real-time audit reports that document everything, from the time of the password reset to the IP address on which it was performed. You can also create an approval workflow where users have to raise a request with the help desk and get it approved in order to perform a password reset.
Empower end users to reset their domain passwords in AD or unlock their AD accounts without administrator or IT help desk intervention. Learn about Password self-service.
Synchronize all AD password resets and changes with a range of SaaS and on-premises applications in real time. Learn about Real-time password synchronizer
Notify users of their impending password expiration via SMS, email, and push notifications. This feature is also available as a free tool for unlimited users. Learn about Password expiration notification.
Implement a secure, simple password policy by letting administrators set preconfigured or custom password policies. Learn about Password policy enforcer.
Enable users to access their Windows accounts from anywhere with ADSelfService Plus' Android and iOS mobile applications. Learn about Mobile applications.
Automatically update cached domain credentials on users' machines when they reset their passwords. That way, users can access their Windows machines even when they're not connected to the corporate network. Learn more Cached credentials update.
Keep your corporate white pages up-to-date by allowing users to update their own information in AD. Learn more Directory self-update.