As the self-explanatory name "Auto Enrollment" suggests, this feature enrolls the users with the product automatically. This is a crucial step to be completed by anyone seeking to self reset password or self unlock account.
By not waiting for the users' interference in product registration this feature ensures immediate return of investment in highly secure environment. (This feature can only be used in highly secure environment or when IT administrators deem it appropriate.)
With passwords being the only barrier between a resource seeker and a resource in most of the organizations, IT administrators are left with no choice but to step up complexity of passwords to keep hackers at bay. However, this comes with an undesirable side effect: the users, even those with the strongest of memory, tend to forget passwords easily! As a result helpdesk is deluged with password reset tickets!
The only solution to this problem: Deployment of an effective self service password reset software. Now, a self service password reset software, in the first place, should ensure only the rightful reset their passwords. And to do this it cannot resort to "complex passwords" for identity management! That would defeat its very basic purpose! Thus it relies on question-and-answer identity verification method.
During the very first login, a self service password reset software presents or allows users to choose a set of personal questions. Since these are personal questions, users rarely forget their answers and others find it hard to guess them out. This phase where the software maps users with their corresponding answers to challenge questions (in an encrypted format in a database) is called the Enrollment Phase. It is imperative for anyone, who is willing to use a self reset password software, to complete this procedure.
With such a dependency on the end user, it becomes mandatory on the software's part to provide an alternate or easier deployment option. And that is what Auto Enrollment is all about. Using this feature, an IT administrator or a helpdesk agent can enroll end users in no time (instead of waiting for them to answer the security questions) and make the self service password reset software available as soon as it is installed. In other words, an administrator chooses/ defines a very general question for an end user and also provides a common answer to it. This is achieved by importing a .CSV file containing user names and corresponding answers. And the users are ready to self reset passwords or self unlock accounts in no time.
Example: An administrator can select a question "What is your employee ID number?", then create a .CSV file with columns "sAMAccountName" (employee names) and "Answers" (employee ID), and import it. It is as simple as it could get!
Auto Enrollment and Security
Since the challenge questions will be pretty general (such as "what is your employee id" or "what is your roll number?") and their answers can be easily reproduced by anyone related to the domain or organization, this feature can only be used if an administrator deems it appropriate.
Significance of this feature:
This feature will be extremely useful in:
- Educational institutes.
- Organizations with heightened security.
- Organizations where employees habitually await instructions - having got used to the clamp of high IT security - from IT administrator with respect to their computer usage.
Imagine the possible delay in enrollment in these organizations when IT administrator does not intervene! Thus "Auto Enrollment" plays a vital role in these circumstances. In fact, this feature is the result of repeated requests from institutions or organizations from the above mentioned categories.
For other environments, where security is a bigger concern, there is another option - Force Enrollment.