Identity verification
ADSelfService Plus verifies your identity using the information you provide during the enrollment process. Here is a list of authentication techniques available in ADSelfService Plus.
- Security questions and answers: You must provide valid answers to security questions to verify your identity. Click here for the complete configuration steps.
- Verification code: You must enter a code sent via SMS or email to verify your identity. Click here for the complete configuration steps.
- Duo Security: You must use a Duo Security push notification, call, or code to verify your identity. Click here for the complete configuration steps.
- RSA SecurID: You must use a hardware token to verify your identity. Click here for the complete configuration steps.
- RADIUS authentication: You must use your RADIUS password to verify your identity. Click here for the complete configuration steps.
- SAML authentication: You must log in to your identity provider to verify your identity. Click here for the complete configuration steps.
- Active Directory security questions: You must enter a valid answer to an Active Directory security question to verify your identity. Set by your administrator, the Active Directory security questions will mostly be about your Active Directory profile information, such as your mobile number or email address. Sometimes, it might also include a secret answer provided by your administrator. Click here for the complete configuration steps.
- Mobile authentication: You must use a push notification, your fingerprint, a QR code, or a time-based, one-time passcode (TOTP) in the ADSelfService Plus mobile app to verify your identity. Click here for the complete configuration steps.
- Yubikey Authenticator: You must enter a valid one-time-passcode (OTP) generated by the Yubikey Authenticator. Click here for the detailed steps.
Note: Your admin might choose to enforce any or all of the authentication techniques available in ADSelfService Plus. Based on the enforced multi-factor authentication techniques, you'll need to provide certain information. For example, say your admin has enforced security questions and answers as the method of authenticating your identity. You'll then need to provide appropriate answers to the displayed questions.
Security questions and answers
- In the ADSelfService Plus user portal, go to Enrollment → Security Questions.
- Depending on how your admin has configured this authentication technique, you might see any one of the following windows.
- Mandatory security questions: Your administrator will have already configured the security questions. All you have to do is provide appropriate answers.

- Custom security questions: Create your own security questions and provide appropriate answers.

- Select a question from the list: A set of security questions defined by your administrator will be displayed. Choose the questions you’d like to use for authentication, and then provide the appropriate answers.

- Click Next.
Mobile numbers
Get a verification code sent to your mobile number
- In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Verification code on your mobile.
- Enter your mobile number.
- Enter the code sent to your mobile number to verify your identity.
- Click Next.

Email address
Get a verification code sent to your email address
- In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Verification code on your email.
- Enter your email address and click Send Code.
- Enter the code sent to your email address to authenticate your identity.
- Click Next.

Google Authenticator
Prerequisite:
Download the Google Authenticator app on your mobile device from the Google Play Store or the Apple App Store.
Configuration steps:
- In the ADSelfService Plus user portal, go to Enrollment → Google Authenticator. A barcode will be displayed.
- Go to the Google Authenticator app and select Scan barcode. Scan the displayed barcode.
- A one-time-passcode is generated in Google Authenticator.
- Switch to the user portal and type the one-time-passcodein the Enter code field.
- Click Next.

Duo Security
- In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Duo Security.
- Follow the steps given on the webpage.
- Click Next.

RSA SecurID
- In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → RSA SecurID.
- Enter the RSA Pass Code you received from your administrator.
- Click Next.

RADIUS authentication
For RADIUS authentication, you are not required to enroll from the ADSelfService Plus portal. Please contact your administrator for the RADIUS password that is mapped to your account.
SAML authentication
For SAML authentication, you are not required to enroll from the ADSelfService Plus portal. Please contact your administrator to receive the identity provider credentials that are mapped to your account.
Active Directory security questions
For Active Directory security questions, you are not required to enroll from the ADSelfService Plus portal. However, if you're unsure about the questions displayed, please contact your administrator.
Push alert authentication
- Log in to the ADSelfService Plus mobile app and click Enrollment → Push Authenticator.
- Follow the steps displayed on the webpage.

- Click Next.
Fingerprint authentication
- Log in to the ADSelfService Plus mobile app and click Enrollment → Fingerprint Authenticator.
- Follow the steps displayed on the webpage.

- Click Next.
QR code authentication
- Log in to the ADSelfService Plus mobile app and click Enrollment → QR Code Authenticator.
- Follow the steps given on the webpage.

- Click Next.
TOTP authentication
- Log in to the ADSelfService Plus mobile app and click Enrollment → TOTP Authenticator.
- Follow the steps given on the webpage.

- Click Next.
Microsoft Authenticator
- In the ADSelfService Plus user portal, go to Enrollment → Microsoft Authenticator. A QR code will be displayed.
- Go to the Microsoft Authenticator app and select Scan QR code. Scan the displayed QR code.
- A one-time-passcode is generated in your Microsoft Authenticator app.
- Switch to the user portal and type the one-time-passcode in the Enter code field.
- Click Next.
Yubikey Authenticator
- Log in to the ADSelfService Plus mobile app and click Enrollment → Yubikey Authenticator.
- Plug in the Yubikey device to your workstation. Place the cursor in the field below and press/hold the button on the plugged-in Yubikey device depending on the slot configured. The code is automatically updated.
- Click Next.
