Pricing  Get Quote

Endpoint MFA for macOS

Endpoint multi-factor authentication for macOS

With one in three data breaches attributed to stolen credentials, multi-factor authentication (MFA) has rightfully become a focal point for many IT organizations. Most employees succumb to the pressure of managing multiple passwords and resort to reusing or creating weak passwords, making them an easy target for cybercriminals. Enabling ADSelfService Plus' endpoint MFA capabilities adds a second factor to authenticate user identity and authorize access to sensitive IT resources.

Logging in to macOS systems with ADSelfService Plus

Employees' desktops and laptops, besides storing confidential data and cached credentials, can also serve as an entry point for a cyberattack. Without system-based MFA, cybercriminals could leverage a compromised user account to access the user's machine and connected IT systems.

When ADSelfService Plus' MFA for macOS is enforced, users will be required to authenticate their identity via two factors before they can access their machine. The first factor is generally the user’s Active Directory (AD) credentials, and the second factor is often customized security questions or a one-time passcode via email or SMS.

ADSelfService Plus supports:

  1. Security questions and answers
  2. Email verification
  3. SMS verification
  4. Google Authenticator
  5. Duo Security
  6. RSA SecurID
  7. RADIUS authentication
  8. Push notification authentication
  9. Fingerprint authentication
  10. QR code-based authentication
  11. Microsoft Authenticator
  12. Time-based one-time passcodes (TOTPs)
  13. AD-based secret questions

ADSelfService Plus also supports a second factor of authentication for local and remote Windows logons.

How MFA trumps cyberattacks

How MFA trumps cyberattacks

System-based MFA safeguards sensitive data even in cases where passwords are compromised. That is, if a cybercriminal steals a user’s password via a credential-based attack or data-hoarding site, they still need access to the user's phone or email to advance to the second authentication factor.

SMS and email-based verification codes, as well as the authentication codes from Duo Security and RSA SecurID, are unique. These codes can only be used once and will expire if they aren't entered within a certain period.

Other highlights of ADSelfService Plus' MFA for macOS logons:

  • MFA at a granular level: Configure MFA based on a user’s domain, organizational unit (OU), or group membership to enforce specific second factors of authentication based on users' privileges.
  • Compliance with regulatory mandates: Meet compliance mandates of NIST SP 800-63B, NYCRR, FFIEC, the GDPR, and HIPAA with ADSelfService Plus’ macOS MFA.
  • Two-factor authentication (2FA) for Windows logons: Secure local and remote access to Windows machines with ADSelfService Plus.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management