ADSelfService Plus mobile app supports authentication features that enable end users to use the app as an authenticator to prove their identities during self-service password reset and account unlock processes. The ADSelfService Plus Mobile App Authenticator supports the following authentication methods:
Push Notification is the easiest and quickest way of authenticating. Users will get a login request sent to their phone. They just need to press Approve to authenticate or press Deny to reject requests that they were not expecting.
Fingerprint Authentication requires users to use the fingerprint sensor in their mobile devices to authenticate. Fingerprint Authentication can only be used if the users’ mobile devices support fingerprint sensor.
In this method, users need to scan the QR Code shown in ADSelfService Plus web portal using the ADSelfService Plus mobile app.
Once enrolled for TOTP, the mobile app generates time-based passcodes that change every one minute. Users need to enter the 6-digit passcode when prompted during the authentication process.
Mobile Authenticator feature is available in ADSelfService Plus mobile app for Android and iOS.
Mobile authenticator is a device-based enrollment. If you change your mobile device or uninstall the app after enrollment, you cannot use mobile app authenticator method for authentication. You must enroll again from the new device or after reinstalling the app.
Steps to enable Mobile Authenticator
Log in to ADSelfService Plus as an administrator.
Navigate to Configuration > Self-Service > Policy Configuration > Multi-factor Authentication.
Select the policy for which the Mobile Authenticator is to be configured.
Click the Mobile Authenticator tab.
Select the Enable Mobile Authenticator option.
Now select an authentication method from the options available. You can select any one option or all.