Enabling MFA for applications

Note: SSO for applications is available only with the Endpoint MFA.

The MFA for applications tab allows you to configure multiple authentication factors for ADSelfService Plus, and SSO-enabled application logins (SP-initiated). Follow these steps to configure MFA for applications:

1. In the MFA for ADSelfService Plus Login section, check the box next to Enable authenticators, enter the number of authentication methods to be enforced and select the authentication methods from the drop-down.

Note: The Professional edition of ADSelfService Plus is required to utilize advanced authenticators for MFA.

2. Click on the asterisk (*) symbol next to the authentication method to set it as mandatory. You can also reorder the authenticators too.
3. In the MFA for Cloud Applications Login section, check the box next to Enable authenticators, enter the number of authentication methods to be enforced and select the authentication methods from the drop-down.
Note: This MFA process will be triggered when a user attempts to access an SSO-enabled application directly.
4. Click Save Settings.

You can further configure the idle time limit, trusted device, and other relevant settings in the Advanced Settings tab.

Passwordless Login

Note: Passwordless logins require the Professional edition of ADSelfService Plus with the Endpoint MFA.

With ADSelfService Plus' Passwordless Login feature, users can finally be free from the trouble of managing passwords. This feature eliminates the need to remember, change, or reset passwords periodically for ADSelfService Plus portal and all enterprise application logins through single-sign-on(SSO). You can now deploy a much stronger and advanced authentication method than passwords, such as biometrics, YubiKey, Google Authenticator, and more.

How Passwordless Login works

1. A user attempts to login to ADSelfService Plus or SSO-enabled enterprise applications with their username in the ADSelfService Plus login page.
2. ADSelfService Plus verifies the given username with Active Directory and redirects the user to the MFA page.
Note: If the user is logging in to ADSelfService Plus for the first time, they will be required to complete password authentication.
3. Here, the user's identity is verified through multiple authentication factors that do not involve passwords, such as Face ID, fingerprint, Google Authentication, and push notifications, as configured by the admin.
4. If the identity verification is successful, the user is logged in to the application.

Enabling Passwordless Login

1. Passwordless Login for ADSelfService Plus login:
• Go to Configuration > Self-Service > Multi-Factor Authentication > Advanced > Applications MFA.
• Check the box next to Enable Passwordless Login under ADSelfService Plus login MFA.
• Click Save Settings.
2. Passwordless Login for SAML SSO:
• Go to Configuration > Self-Service > Multi-Factor Authentication > Advanced > Applications MFA.
• Check the box next to Enable Passwordless Login under the Cloud Application Login MFA.
• Click Save Settings.