Pricing  Get Quote

Endpoint MFA

Endpoint multi-factor authentication(MFA)

Barricade access to a hacker’s point of contact

With an estimated 70 percent of breaches starting at endpoints, it's high time that admins take action to prevent these intrusions by leveraging multi-factor authentication (MFA). Endpoint MFA ensures users prove their identity through additional authentication methods like biometrics during workstation, server, VPN and OWA logins. Implementing Endpoint MFA mitigates the risks of exposing sensitive data, even in cases where passwords are compromised due to inadequate password hygiene.

Redefining endpoint security with MFA

ADSelfService Plus offers Endpoint MFA to help organizations secure multiple points of access to organization's sensitive resources. ADSelfService Plus' Endpoint MFA secures access to:

  1. Windows, macOS, and Linux machines.
  2. Top VPN providers like Fortinet, Cisco AnyConnect, Pulse, and more.
  3. Endpoints supporting RADIUS authentication such as Citrix Gateway, VMWare Horizon, and Microsoft Remote Desktop Gateway (RDP).
  4. Outlook Web access (OWA) logins.

Complete endpoint protection: ADSelfService Plus' Endpoint MFA in action

With Endpoint MFA in place, users are first authenticated through Active Directory (AD) domain credentials, and next through authentication techniques such as one-time passwords (OTPs) sent via SMS or email, or Yubico OTP configured in ADSelfService Plus. So, even if hackers leverage compromised user credentials, their attack attempts can be thwarted through MFA.

According to the SANS Software Security Institute, organizations are hesitant to employ MFA because of:

  1. The misconception that MFA always requires external hardware devices.
  2. Concerns that MFA might affect user productivity.

ADSelfService Plus dispels both these misconceptions by providing 17 authentication techniques that don't always require external hardware devices (e.g. AD-based security questions) or affect user productivity (e.g. biometrics). However, it stands to reason that different sets of users are comfortable with different authentication techniques. Asking users who are only familiar with OTPs to use hardware tokens will generate a lot of complaints. Also, some users have more privileges than others; protecting these privileged accounts with additional authentication techniques makes more sense than implementing the same number of authentication factors for all users across the organization.

ADSelfService Plus allows admins to utilize different approaches to different sets of users to limit user disruptions. For example, with ADSelfService Plus, admins have the option to enforce OTPs, tokens, or security questions for one set of users (say, users inside the LAN network); and configure more stringent authentication techniques like fingerprint or FaceID authentication for another set of users (say, C-level executives or remote employees).

List of supported authentication techniques:

Simplify administration

ADSelfService Plus provides features to help admins:

  1. Enable MFA based on OUs and groups: Enforce endpoint MFA and use different sets of authentication techniques for different users based on domain, OU, and group memberships.
  2. Ensure 100 percent enrollment: Automate user enrollment by importing users' domain information through CSV files or force enrollment using login scripts.
  3. Get detailed reports: Gain comprehensive insights on user activities such as identity verification failures and login attempts, and also find users with weak passwords.
  4. Simplify authentication: Use authentication techniques like fingerprint authentication, push notification authentication, YubiKey, and QR code-based authentication to help users prove their identity with minimal effort.

Benefits of multi-factor authentication


Seamless login experience

Ensure a seamless login experience for users irrespective of the platform they use.

Prevent sophisticated cyberattacks

Get a leg up on the challenges caused by weak user passwords, password reuse, and credential-based attacks.

Ensure compliance

Meet NIST SP 800-63B, NYCRR, FFIEC, GDPR, PCI DSS, and HIPPA compliance mandates.

Secure remote logon attempts

Secure both local and remote login attempts to Windows, macOS, and Linux machines.

Control user access to Windows, macOS, and Linux today

  • Please enter a business email id
    By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.


Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here


Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management