Configuring Advanced Settings

 

Enrollment

The settings available under Enrollment Tab are advanced configuration options of ADSelfService Plus during and after User Enrollment.

Force Users to Enroll

This feature allows an administrator to make enrollment mandatory for End-users. In other words, whenever a non-enrolled user logs into ADSelfService Plus. A message which 'prompts the user to enroll' will be displayed.

Once the user enrolls himself with ADSelfService Plus, he would be granted with the rights to access other features of this application.

Hide "Enrollment" tab from end-users page once they enrolled

This feature will prevent users from modifying the security questions. Prominently used in a scenario where an administrator "Auto Enrolls" users with pre-configured security Question and Answers. He denies users the privileges to change Security Question and Answers.

Reorder the identity verification steps and make them mandatory

This feature allows administrators to select which of the multi-factor authentication options will be enforced, and change the order in which they are employed during the reset password/unlock account process. Once selected, the users will be forced to prove their identity via all the selected authentication options and also in the same order as set by the admin.

However, if the user has previously enrolled for only some of the authentication options that are being enforced, he/she will still be able to reset password/unlock account. Also, if none of the multi-factor authentication options are made mandatory, the user will be allowed to prove his identity via an authentication option that he/she chooses.

Verification Code

In the Verification Code tab, you can specify the AD attribute that can be used to get the mobile number or the email address of the user.

Q&A Settings

Under the 'Q & A Settings' tab, you can configure the display settings of the 'Security Q & A' feature, which serves for the purpose of 'User Authentication'.

 

The Q & A Settings tab has two sections

  1. Question Settings

  2. Answer Settings

Question Settings:

 

From the "Question Settings" section you can define the number of questions displayed to the End-User. And also the format in which the questions are to be displayed.

 

Options available under the 'Question Settings' are listed below:

An administrator can select any of these options based on the level of security or convenience that he likes to provide his users.

 

 

Display a finite number of questions out of the Available list:

Note

The settings you configure in the Question Settings section and Answer Settings section are common for two methods of MFA: Security Question and Answer and AD Security Questions.

 

Display Security Questions One by One

Checking this option will display the security questions one by one (ie., one question per page).

Display all Security Questions

Selecting this option will display all the security questions on a single page.

 

Note

Display of Security Questions One by One or All in a Single Page is based on

  1. 'Available list of security questions' configured under Security Question and Answer Settings.

  2. Questions selected to be displayed.

 

 

Answer Settings:

 

An administrator can select any of these 'Answer Settings' options based on the level of security or convenience that he likes to provide his users.

 

Under the 'Answer Settings' option, you are provided with the following 'Self-Explanatory' settings.

Other Settings for Securing the User-Account:

 

In addition to various "Answer Settings" features, ADSelfService Plus also provides other settings that aid in securing an User account by not letting the security answers be compromised.

Store Security Answers Using Reversible Encryption:


When an administrator checks this option, the answers provided by End-Users to validate Security Questions at Enrollment are stored in the product database using a Reversible Encryption. This information can be viewed as a report "Security Questions and Answers Report".

 

Note

  • By default answers are stored using irreversible encryption. The administrator can view the questions Enrolled but answers will remain encrypted in the report.

  • Only the Answers of users who Enroll after this option is checked can be viewed.

  • Only Security answers can be viewed and ADSelfService Plus does not show end-users passwords.



Hide Security Answers During Reset / Unlock Operations:

 

When an administrator checks this option, Answers to Security Questions are hidden to the End-users when they use the application to attempt a Password Reset / Account Unlock operation.

 

Note

  • This lets a user reset his password even when a colleague is near him.

 

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine