With an estimated 70 percent of breaches starting at endpoints—laptops, workstations, and servers—it's high time that admins take action to prevent these intrusions by leveraging multi-factor authentication (MFA). Endpoint MFA ensures minimal risk to sensitive data, even in cases where passwords are compromised due to inadequate password hygiene.
ADSelfService Plus offers Endpoint MFA for Windows, macOS, and Linux endpoint logins. With Endpoint MFA in place, users are first authenticated through Active Directory (AD) domain credentials, and next through one of the supported authentication techniques such as one-time passwords (OTPs) sent via SMS or email. So even if a hacker steals user credentials, they still need access to the second factor: the users' email or mobile phone.
According to the SANS Software Security Institute, organizations are hesitant to employ MFA because of:
ADSelfService Plus dispels both these misconceptions by providing a variety of authentication techniques that don't always require external hardware devices (e.g. security questions) or affect user productivity (e.g. fingerprint authentication). However, it stands to reason that different sets of users are comfortable with different authentication techniques. Asking users who are only familiar with OTPs to use hardware tokens will generate a lot of complaints. Also, some users have more privileges than others; protecting these privileged accounts with additional authentication techniques makes more sense than implementing the same number of authentication factors for all users across the organization.
ADSelfService Plus allows admins to utilize different approaches to different sets of users to limit user disruptions. For example, with ADSelfService Plus, admins have the option to enforce OTPs, tokens, or security questions for one set of users (say, users inside the LAN network); and configure fingerprint, push, or QR-based authentication for another set of users (say, C-level executives or remote employees).
ADSelfService Plus provides features to help admins:
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.