Help Document

Identity verification

ADSelfService Plus verifies your identity using the information you provide during the enrollment process. Here is a list of authentication techniques available in ADSelfService Plus.

  • Security questions and answers: You must provide valid answers to security questions to verify your identity. Click here for the complete configuration steps.
  • Verification code: You must enter a code sent via SMS or email to verify your identity. Click here for the complete configuration steps.
  • Duo Security: You must use a Duo Security push notification, call, or code to verify your identity. Click here for the complete configuration steps.
  • RSA SecurID: You must use a hardware token to verify your identity. Click here for the complete configuration steps.
  • RADIUS authentication: You must use your RADIUS password to verify your identity. Click here for the complete configuration steps.
  • SAML authentication: You must log in to your identity provider to verify your identity. Click here for the complete configuration steps.
  • Active Directory security questions: You must enter a valid answer to an Active Directory security question to verify your identity. Set by your administrator, the Active Directory security questions will mostly be about your Active Directory profile information, such as your mobile number or email address. Sometimes, it might also include a secret answer provided by your administrator. Click here for the complete configuration steps.
  • Mobile authentication: You must use a push notification, your fingerprint, a QR code, or a time-based, one-time passcode (TOTP) in the ADSelfService Plus mobile app to verify your identity. Click here for the complete configuration steps.
  • Yubikey Authenticator: You must enter a valid one-time-passcode (OTP) generated by the Yubikey Authenticator. Click here for the detailed steps.

Note: Your admin might choose to enforce any or all of the authentication techniques available in ADSelfService Plus. Based on the enforced multi-factor authentication techniques, you'll need to provide certain information. For example, say your admin has enforced security questions and answers as the method of authenticating your identity. You'll then need to provide appropriate answers to the displayed questions.

Security questions and answers

  • In the ADSelfService Plus user portal, go to Enrollment → Security Questions.
  • Depending on how your admin has configured this authentication technique, you might see any one of the following windows.
    • Mandatory security questions: Your administrator will have already configured the security questions. All you have to do is provide appropriate answers.

      • Manadatory questions

    • Custom security questions: Create your own security questions and provide appropriate answers.

      • Custom security questions.

    • Select a question from the list: A set of security questions defined by your administrator will be displayed. Choose the questions you’d like to use for authentication, and then provide the appropriate answers.

      • Custom security questions

  • Click Next.

Mobile numbers

Get a verification code sent to your mobile number

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Verification code on your mobile.
  • Enter your mobile number.
  • Enter the code sent to your mobile number to verify your identity.
  • Click Next.

    • Enrollment using Mobile numbers

Email address

Get a verification code sent to your email address

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Verification code on your email.
  • Enter your email address and click Send Code.
  • Enter the code sent to your email address to authenticate your identity.
  • Click Next.

    • Enrollment using email address

Google Authenticator

Prerequisite:

Download the Google Authenticator app on your mobile device from the Google Play Store or the Apple App Store.

Configuration steps:

  • In the ADSelfService Plus user portal, go to Enrollment → Google Authenticator. A barcode will be displayed.
  • Go to the Google Authenticator app and select Scan barcode. Scan the displayed barcode.
  • A one-time-passcode is generated in Google Authenticator.
  • Switch to the user portal and type the one-time-passcodein the Enter code field.
  • Click Next.

    • Enrollment using Google Authenticator

Duo Security

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Duo Security.
  • Follow the steps given on the webpage.
  • Click Next.

    • Enrollment using email address

RSA SecurID

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → RSA SecurID.
  • Enter the RSA Pass Code you received from your administrator.
  • Click Next.

    • Enrollment using email address

RADIUS authentication

For RADIUS authentication, you are not required to enroll from the ADSelfService Plus portal. Please contact your administrator for the RADIUS password that is mapped to your account.

SAML authentication

For SAML authentication, you are not required to enroll from the ADSelfService Plus portal. Please contact your administrator to receive the identity provider credentials that are mapped to your account.

Active Directory security questions

For Active Directory security questions, you are not required to enroll from the ADSelfService Plus portal. However, if you're unsure about the questions displayed, please contact your administrator.

Push alert authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → Push Authenticator.
  • Follow the steps displayed on the webpage.

    • Enrollment using push alert authentication

  • Click Next.

Fingerprint authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → Fingerprint Authenticator.
  • Follow the steps displayed on the webpage.

    • Enrollment using Fingerprint authenticator

  • Click Next.

QR code authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → QR Code Authenticator.
  • Follow the steps given on the webpage.

    • Enrollment using QR code authenticator

  • Click Next.

TOTP authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → TOTP Authenticator.
  • Follow the steps given on the webpage.

    • Enrollment using TOTP Authentication

  • Click Next.

Microsoft Authenticator

  • In the ADSelfService Plus user portal, go to Enrollment → Microsoft Authenticator. A QR code will be displayed.
  • Go to the Microsoft Authenticator app and select Scan QR code. Scan the displayed QR code.
  • A one-time-passcode is generated in your Microsoft Authenticator app.
  • Switch to the user portal and type the one-time-passcode in the Enter code field.
  • Click Next.

Yubikey Authenticator

  • Log in to the ADSelfService Plus mobile app and click Enrollment → Yubikey Authenticator.
  • Plug in the Yubikey device to your workstation. Place the cursor in the field below and press/hold the button on the plugged-in Yubikey device depending on the slot configured. The code is automatically updated.
  • Click Next.

    • Yubikey Authenticator

© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.