Multi-factor Authentication:

The multi-factor authentication options provided by ADSelfService Plus allows you to determine what and how end-users' authentication info (used to reset password or unlock account) should be.

1. The multi-factor authentication techniques can be configured from the "Configuration" Tab of ADSelfService Plus

2. Choose the Policy from the drop down.

3. You have three tabs to choose from to configure multi-factor authentication techniques for your End-Users.

1. Security Question & Answers.

2. Verification Code.

3. Google Authenticator.

4. Duo Security.

5. RSA SecurID.

6. RADIUS Authentication.

7. Mobile Authenticator.

8. SAML Authentication.

9. AD Security Questions.

10. Microsoft Authenticator.

By default, end-users will have the option to prove their identity by any one of the multi-factor authentication methods, even if all the methods are enabled by the administrator. You can also force users to prove their identity via certain verification methods. See Advanced Settings for more information.

To force users to prove their identity via selected authentication methods

• Under Multi-factor Authentication, click Advanced

• Under the Enrollment tab, you will have an option to 'Enforce and reorder the multi-factor authentication options'

• Now select the verification methods that you want to enforce during identity verification and reorder them by dragging them around. You can force any one or two or any combination of the multi-factor authentication options during identity verification.

• Click OK to save the settings

It  is  essential  to  select  at-least  one  of the  seven  multi-factor authentication options for  configuring  the  Identity  Verification  process.

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine