Restrict Users :

In this page we discuss

The users who can be restricted from using the License

License management involves restricting users who fall under the following six categories:
  1. Users with expired accounts
  2. Users with disabled accounts
  3. Inactive Users
  4. Deleted Users
  5. Service Accounts
  6. Smart Card Users.
1.Users with expired accounts:

User accounts that are created for a shorter period of time (e.g. in the case of a temporary employee) will expire. There’s no point in maintaining an expired account, so a user with an expired account automatically will be stripped of their license.

2.Users with disabled accounts:

Administrators have the right to disable a user account, for instance in the case of a user leaving the organization. By disabling a user account, the administrator denies that user access to the ADSelfService Plus portal.

3.Inactive Users:

ADSelfService Plus’ License Management feature allows administrators to block users who have been inactive for a specified time period (any number of days). This feature helps administrators take precautionary steps to prevent any disarray in the organization.

4.Deleted Users:

Just as the License Management feature restricts inactive users, it can also prevent deleted users from accessing the ADSelfService Plus portal. As in the cases above, there’s no need to waste licenses on users who have been deleted from the organization.

5.Service Accounts:

A service account is a user account that is created explicitly to provide only the required security permissions to services that are running. Resetting the password for a service account will stop the service from running. To avoid such cases, service accounts are restricted from accessing the ADSelfService Plus portal.

6.Smart Card Users:

Users can use a smart card to authenticate themselves in AD. Administrators can restrict smart card users from accessing the ADSelfService Plus password management portal to save licenses.

Configuring the License Management Feature:

The license management feature can be configured to restrict users either manually or automatically.

Restrict Users Manually:
  1. Navigate to Admin → License Management → Restrict Users
  2. Click the Restrict Users from the right corner of the page.
  3. Select the required Domain
  4. Select the desired OUs (if you want to restrict users from a particular OU).
  5. From the Account Type drop-down menu select the type of users you want to restrict.
  6. Click Generate. A list of users of the selected type will be generated.
  7. Select the users you want to restrict. You can select all the users at once or a particular user.
  8. Click Restrict
    Once restricted, the user will not be able to log in or perform any actions using ADSelfService Plus. The enrollment data of the user will be deleted too.

Restrict Users Automatically:

  1. Navigate to Admin → License Management → Restrict Users
  2. Click Schedule to Restrict/Unrestrict from the top righ corner. You will be taken to the Restrict Users Scheduler page
  3. Click Add New Scheduler
  4. Enter a Name and Description for the scheduler
  5. Select the domain and the desired OUs
  6. Now select the type of users that you want to restrict
  7. Specify the duration for running the scheduler
  8. You can also specify a email ID to which the restricted users list will be sent periodically
  9. Click Create

Enabling A Restricted User:

Once restricted, the user will not be able to log in or perform any actions using ADSelfService Plus. The enrollment data of the user will be deleted too.

  1. Navigate to Admin → License Management → Restrict Users. The restricted users list will be displayed
  2. Select the users you want to reinstate
  3. Click Unrestrict Users
  4. A message box will appear stating that the user was successfully reinstated

Reinstate Users Automatically:

  1. Navigate to Admin → License Management → Restrict Users.
  2. Click Schedule to Restrict/Unrestrict from the top righ corner. You will be taken to the Restrict Users Scheduler page
  3. Click Unrestrict Users tab.
  4. Select the Domain you want to set up auto reinstation.
  5. Select Enable scheduler to unrestrict users.
  6. Select the types of users.
  7. Click Save.
  8. Note : This action will be executed during ADSynchronizer scheduler runs.

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
  •  
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

Copyright © 2021, ZOHO Corp. All Rights Reserved.