With an estimated 70 percent of breaches starting at endpoints, it's high time that admins take action to prevent these intrusions by leveraging multi-factor authentication (MFA). Endpoint MFA ensures users prove their identity through additional authentication methods like biometrics during workstation, server, VPN and OWA logins. Implementing Endpoint MFA mitigates the risks of exposing sensitive data, even in cases where passwords are compromised due to inadequate password hygiene.
ADSelfService Plus offers Endpoint MFA to help organizations secure multiple points of access to organization's sensitive resources. ADSelfService Plus' Endpoint MFA secures access to:
Moreover, ADSelfService Plus offers offline MFA for Windows machines which ensures the security of offline remote workers during machine logons.
With Endpoint MFA in place, users are first authenticated through Active Directory (AD) domain credentials, and next through authentication techniques such as one-time passwords (OTPs) sent via SMS or email, or Yubico OTP configured in ADSelfService Plus. So, even if hackers leverage compromised user credentials, their attack attempts can be thwarted through MFA.
According to the SANS Software Security Institute, organizations are hesitant to employ MFA because of:
ADSelfService Plus dispels both these misconceptions by providing 17 authentication techniques that don't always require external hardware devices (e.g. AD-based security questions) or affect user productivity (e.g. biometrics). However, it stands to reason that different sets of users are comfortable with different authentication techniques. Asking users who are only familiar with OTPs to use hardware tokens will generate a lot of complaints. Also, some users have more privileges than others; protecting these privileged accounts with additional authentication techniques makes more sense than implementing the same number of authentication factors for all users across the organization.
ADSelfService Plus allows admins to utilize different approaches to different sets of users to limit user disruptions. For example, with ADSelfService Plus, admins have the option to enforce OTPs, tokens, or security questions for one set of users (say, users inside the LAN network); and configure more stringent authentication techniques like fingerprint or FaceID authentication for another set of users (say, C-level executives or remote employees).
Find the complete list of supported authenticators here.
ADSelfService Plus provides features to help admins:
Ensure a seamless login experience for users irrespective of the platform they use.
Get a leg up on the challenges caused by weak user passwords, password reuse, and credential-based attacks.
Meet NIST SP 800-63B, GDPR, and HIPPA compliance mandates.
Secure both local and remote login attempts to Windows, macOS, and Linux machines.
Enable context-based MFA with 19 different authentication factors for endpoint and application logins.Learn more
Allow users to access all enterprise applications with a single, secure authentication flow.Learn more
Enhance remote work with cached credential updates, secure logins, and mobile password management.Learn more
Establish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.Learn more
Delegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.Learn more
Create a Zero Trust environment with advanced identity verification techniques and render your networks impenetrable to threats.Learn more