Endpoint Multi-factor Authentication

ADSelfService Plus assists administrators in improving security by supporting Endpoint Multi-factor Authentication (MFA) capability for all major OSs. Once this feature is enabled, users will be required to input their Active Directory (AD) domain credentials, and additionally authenticate via a secondary method configured in ADSelfService Plus.


Steps involved

  1. Log in to the ADSelfService Plus web-console with admin credentials.
  2. Navigate to Configuration → Self-Service → Multi-factor Authentication → Authenticator Settings tab → Endpoint MFA.


  3. In the Choose the Policy field, click the drop-down box and select the policies for which you wish to enable MFA.

    Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.

  4. Check the Select the second authentication factor option.
  5. By default, the Bypass TFA if ADSelfService Plus is down option is selected when you enable Endpoint MFA. If this option is not selected, users would not be able to access their machines when ADSelfService Plus is not accessible.
  6. Click Save.
Copyright © 2020, ZOHO Corp. All Rights Reserved.