Enrolled Users Report
The Enrolled Users Report provides you with the list of users who have enrolled themselves in ADSelfService Plus. End users must enroll with ADSelfService Plus to securely reset passwords, unlock accounts, and log onto their machines and applications using MFA.
Report filtering and generation
- Use the Select Domain option to select the domain.
- Use the Add OUs option to select OUs.
- Enrollment status: Use the Enroll Status drop-down to filter entries based on whether the users are Enrolled or Partially Enrolled. Enrollment status is considered based on the fulfillment of the below conditions. If all these conditions are satisfied, then the user's enrollment is treated as Enrolled. If not, the user is considered Partially Enrolled.
- Condition 1: The user should have enrolled in all mandatory authenticators.
- Condition 2: The user should have enrolled for the required number of authenticators set by administrators.
- Condition 3: If a security question is configured as an authenticator, the user should have enrolled with all the mandatory questions (set by enabling the asterisk next to the authenticators in the drop-down list) and the correct number of questions (set by checking the boxes next to the authenticators in the drop-down list).
- Enrollment type: Use the Enrollment Type drop-down to filter results based on MFA methods.
- Click Generate to generate the report.
Click any of the columns' headers to view the report's entries in ascending or descending order.
- Click the search icon [ ] to search for specific data displayed in the columns.
- Search for a particular user using their SAM Account Name, Display Name, E-mail Address, Mobile Number, and/or OU Name.
- The search will take place using the contains criteria. For example, if the keyword Jack is searched for in the User Name field, all usernames that contain Jack will be displayed.
Export and more
- UseThe Export As option in the right corner of the page helps export the report in various formats like CSV, CSVDE, HTML, PDF, XLS and XLSX.
- Click More in the top-right corner of the page to see the Printable View, Send Mail, and Export Settings options.
- Use the Printable View option to preview the report.
- Use the Send Mail option to email the report to the desired email addresses.
- Use the Export Settings option to customize the description and logo that will be used in the exported report. Admins can also opt to keep the logo on every page of the exported report.
Disenrolling a user
Disenrollment of a user involves completely removing their enrollment information from ADSelfService Plus. Once a user is disenrolled, they will not be able to perform self-service actions; the user must be enrolled again to perform these actions. Disenrollment of users can be carried out in two different ways:
- Manual: Choose the user you want to disenroll by checking the box in the column to the left of the user, and then click Disenroll next to the search button.
- CSV: Click Bulk Disenroll on the right side of the report header near the navigation buttons. Upload a CSV file that contains a list containing the SAM Account Name, Mobile Number, Mail ID, Secondary E-mail ID, or Secondary Mobile number of the users to disenroll them.
Customizing the report
You can customize the report to include or exclude additional columns with information on AD attributes by clicking the add/remove columns icon at the far left of the navigation buttons.
Generating backup codes
Admins can generate a backup code for an enrolled user when the user's MFA device is not reachable. The user can use each backup code only once. To generate a backup code for a specific enrolled user:
- Go to the Enroll Status column and hover over the enrollment status entry of the specific user. Select the MFA Backup Code option that appears.
- In the Generate MFA Backup Code section that appears, you'll find the following details:
- SAM Account Name: The samAccountName value for the user
- Domain Name: The domain the user belongs to
- Generated time: The date and time that the backup code was generated
- A table displays the newly generated single-use backup code.
- Use the Expire (Mins) field to specify the number of minutes after which the code will expire.
- Click the copy icon next to the backup code to copy it. The code should be sent or conveyed to the user to let them verify their identity without MFA.
- Click Close.
Note: If more than one technician creates backup codes for the same user, then the most recently generated code becomes valid, and this code can only be used once. If the user had generated a backup code themselves, then that will also remain valid until it's used.
Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.
Need technical assistance?
Enter your email ID
Talk to experts