Verification Codes

Identity Verification codes provide additional security when Users Reset their Password / Unlock Locked out accounts. The identity of a user is verified through verification codes sent to the users Configured Communication Medium - "Email address" or "Mobile Number".

The selected communication medium would receive a code from ADSelfService Plus server, which the user should reproduce in-order to establish his identity at the time of password reset / account unlock.

Apart from verification codes, you can also choose to send a "Secure Password Reset/Account Unlock Link" via email to verify a user's identity. When this option is enabled, an email containing a secure password reset / unlock account link will be sent to the users' email address. Clicking on the secure link will take the users to the self password reset or unlock account page from where they can reset their password or unlock their account.

Note: The option to send a "Secure Password Reset/Unlock Account Link" is available only for those users who request password self-service via a web browser and not via mobile apps. Also, the link can be sent via email only; sending it via SMS is not supported as of now.

  • Configuration of  mail  server  is  a must  for  both  e-mail  notification  &  mail notification. If not configured, then  click the "click here"  link  to  go to the "Mail Server" configuration  page.

 

 

To Configure Notification of Verification Code to a user's Email address:

  1. Click the "Configuration" Tab -->>Multi-factor Authentication (Under "Self Service" section)

  2. Select the "Policy" for which Verification Code is to be configured.

  3. Click on the "Verification Code" Tab

  4. Provide a Check against Enable Verification Code and a Check against "E-mail Address" checkbox

  5. Enter the Subject in the text box provided

  6. Enter the "Message".

  7. Click "Save" to save the settings.

  • ADSelfService Plus stores user's email addresses in its database. The email address is collected at the time of user enrollment.

  • The existing message can be modified to provide any user defined message.

  • %username% is a custom attribute used to send a customized message to the end-user. You can also provide other LDAP attributes to address a user %givenName%, %sn%, %initials%, %displayName%, %userPrincipalName%, %sAMAccountName%, %mail%, %distinguishedName% or any other naming format.

  • %confirmCode% is the Custom Attribute for the code generated by ADSelfService Plus at the time of notification. We recommend not to modify the attribute when editing the message.

 

To Configure Notification of Verification Code to a user's Mobile Number:

  1. Click the "Configuration" tab -->>Multi-factor Authentication (Under "Self Service" section)

  2. Select the "Policy" for which Verification Code is to be configured.

  3. Click on "Verification Code" tab

  4. Provide a Check against Enable Verification Code and a Check against "Mobile Number" checkbox

  5. Enter the "Message" in the text box provided.

  6. Click on "Save" to save the settings.

  • ADSelfService Plus stores user's mobile numbers in Active Directory's "otherMobile" attribute.

  • %confirmCode% is the Custom Attribute for the code generated by ADSelfService Plus at the time of notification. We recommend not to modify the attribute when editing the message.

  • Click on the "Macros" link to view supported LDAP and Custom Attributes when sending Notification to a mobile numbers.

 

Configure both "Email" and "Mobile Number" Verification Codes

When you check both "Email" and "Mobile Number" check boxes, the user is provided a choice of medium to get notified of the confirmation / verification code.

  1. Click the "Configuration" tab -->>Multi-factor Authentication (Under "Self Service" section)

  2. Select the "Policy" for which Verification Code is to be configured.

  3. Click the "Verification Code" tab

  4. Provide a Check against Enable Verification Code and a Check against "Mobile Number" and "E-mail Address" checkboxes.

  5. Enter the Message.

  6. Click on "Save" to save the settings.

 

To Configure Secure Password Reset/Account Unlock Link via Email:

  1. Click the "Configuration" tab -->>Multi-factor Authentication (Under "Self Service" section)

  2. Select the "Policy" for which the Secure Link is to be configured.

  3. Click the "Verification Code" tab

  4. Provide a check against Enable Verification Code and a Check against "E-Mail Address" checkbox

  5. Provide a check against "Send Secure Link via Email"

  6. Enter the message in the text box provided along with the %secureLink% macro

  7. It is important to include the %secureLink% macro in the email message content for this feature to work.

  8. Click on "Save" to save the settings

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine