Help Document

Identity verification

ADSelfService Plus verifies your identity using the information you provide during the enrollment process. Here is a list of authentication techniques available in ADSelfService Plus.

  • Security questions and answers: You must provide valid answers to security questions to verify your identity. Click here for the complete configuration steps.
  • Verification code: You must enter a code sent via SMS or email to verify your identity. Click here for the complete configuration steps.
  • Duo Security: You must use a Duo Security push notification, call, or code to verify your identity. Click here for the complete configuration steps.
  • Azure AD MFA: In this method of authentication, you will be required to authenticate your identity using any of the following Azure AD MFA methods configured by your organization:
    • Verification code via Microsoft Authenticator, hardware token, or SMS.
    • Push notification via Microsoft Authenticator.
    • Authentication phone call.

    Click here for the complete enrollment steps.
  • Verification code via Microsoft Authenticator, hardware token, or SMS. Push notification via Microsoft Authenticator. Authentication phone call. Click here for the complete enrollment steps.
  • RSA SecurID: You must use a hardware token to verify your identity. Click here for the complete configuration steps.
  • RADIUS authentication: If this method of authentication is enforced, you will be required to authenticate your identity using your RADIUS password, and secondary authentication, if configured, before you can perform the requested self-service action. Click here for the complete enrollment steps.
  • SAML authentication: You must log in to your identity provider to verify your identity. Click here for the complete configuration steps.
  • Active Directory security questions: You must enter a valid answer to an Active Directory security question to verify your identity. Set by your administrator, the Active Directory security questions will mostly be about your Active Directory profile information, such as your mobile number or email address. Sometimes, it might also include a secret answer provided by your administrator. Click here for the complete configuration steps.
  • Mobile authentication: You must use a push notification, your fingerprint, a QR code, or a time-based, one-time passcode (TOTP) in the ADSelfService Plus mobile app to verify your identity. Click here for the complete configuration steps.
  • Yubikey Authenticator: You must enter a valid one-time-passcode (OTP) generated by the Yubikey Authenticator. Click here for the detailed steps.

Note: Your admin might choose to enforce any or all of the authentication techniques available in ADSelfService Plus. Based on the enforced multi-factor authentication techniques, you'll need to provide certain information. For example, say your admin has enforced security questions and answers as the method of authenticating your identity. You'll then need to provide appropriate answers to the displayed questions.

Security questions and answers

  • In the ADSelfService Plus user portal, go to Enrollment → Security Questions.
  • Depending on how your admin has configured this authentication technique, you might see any one of the following windows.
    • Mandatory security questions: Your administrator will have already configured the security questions. All you have to do is provide appropriate answers.

      • Manadatory questions

    • Custom security questions: Create your own security questions and provide appropriate answers.

      • Custom security questions.

    • Select a question from the list: A set of security questions defined by your administrator will be displayed. Choose the questions you’d like to use for authentication, and then provide the appropriate answers.

      • Custom security questions

  • Click Next.

Mobile numbers

Get a verification code sent to your mobile number

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Verification code on your mobile.
  • Enter your mobile number.
  • Enter the code sent to your mobile number to verify your identity.
  • Click Next.

    • Enrollment using Mobile numbers

Email address

Get a verification code sent to your email address

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Verification code on your email.
  • Enter your email address and click Send Code.
  • Enter the code sent to your email address to authenticate your identity.
  • Click Next.

    • Enrollment using email address

Google Authenticator

Prerequisite:

Download the Google Authenticator app on your mobile device from the Google Play Store or the Apple App Store.

Configuration steps:

  • In the ADSelfService Plus user portal, go to Enrollment → Google Authenticator. A barcode will be displayed.
  • Go to the Google Authenticator app and select Scan barcode. Scan the displayed barcode.
  • A one-time-passcode is generated in Google Authenticator.
  • Switch to the user portal and type the one-time-passcodein the Enter code field.
  • Click Next.

    • Enrollment using Google Authenticator

Azure AD MFA

  • On the Azure AD MFA verification page, click Continue to proceed with verifying your identity.

    • Azure AD MFA

  • Depending on the enrolled authentication method, you may:
    • Receive the verification code via Microsoft Authenticator, hardware token, or SMS.
    • Receive a push notification via Microsoft Authenticator or an authentication phone call.
  • Identity verification:
    • If you've enrolled in push notifications or a phone call, you'll be notified via your mobile device. Complete the verification by accepting the push notification or by following the instructions given in the call.
    • If you've enrolled in a verification code-based method, enter the code in the field that appears.

      • Azure AD MFA

  • Click Continue.

Duo Security

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → Duo Security.
  • Follow the steps given on the webpage.
  • Click Next.

    • Enrollment using email address

RSA SecurID

  • In the ADSelfService Plus user portal, go to Enrollment → Identity Verification → RSA SecurID.
  • Enter the RSA Pass Code you received from your administrator.
  • Click Next.

    • Enrollment using email address

RADIUS authentication

For RADIUS authentication, you are not required to enroll from the ADSelfService Plus portal. Please contact your administrator for the RADIUS password that is mapped to your account.

SAML authentication

For SAML authentication, you are not required to enroll from the ADSelfService Plus portal. Please contact your administrator to receive the identity provider credentials that are mapped to your account.

Active Directory security questions

For Active Directory security questions, you are not required to enroll from the ADSelfService Plus portal. However, if you're unsure about the questions displayed, please contact your administrator.

Push alert authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → Push Authenticator.
  • Follow the steps displayed on the webpage.

    • Enrollment using push alert authentication

  • Click Next.

Fingerprint authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → Fingerprint Authenticator.
  • Follow the steps displayed on the webpage.

    • Enrollment using Fingerprint authenticator

  • Click Next.

QR code authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → QR Code Authenticator.
  • Follow the steps given on the webpage.

    • Enrollment using QR code authenticator

  • Click Next.

TOTP authentication

  • Log in to the ADSelfService Plus mobile app and click Enrollment → TOTP Authenticator.
  • Follow the steps given on the webpage.

    • Enrollment using TOTP Authentication

  • Click Next.

Microsoft Authenticator

  • In the ADSelfService Plus user portal, go to Enrollment → Microsoft Authenticator. A QR code will be displayed.
  • Go to the Microsoft Authenticator app and select Scan QR code. Scan the displayed QR code.
  • A one-time-passcode is generated in your Microsoft Authenticator app.
  • Switch to the user portal and type the one-time-passcode in the Enter code field.
  • Click Next.

Yubikey Authenticator

  • Log in to the ADSelfService Plus mobile app and click Enrollment → Yubikey Authenticator.
  • Plug in the Yubikey device to your workstation. Place the cursor in the field below and press/hold the button on the plugged-in Yubikey device depending on the slot configured. The code is automatically updated.
  • Click Next.

    • Yubikey Authenticator

Zoho OneAuth TOTP

  • In the ADSelfService Plus user portal, select the Zoho OneAuth TOTP authentication method.

    • Zoho OneAuth TOTP

  • Enter the code generated by the Zoho OneAuth app in the ADSelfService Plus user portal.

    • Zoho OneAuth TOTP

  • Click Continue.

Thanks!

Your request has been submitted to the ADSelfService Plus technical support team. Our technical support people will assist you at the earliest.

 

Need technical assistance?

  • Enter your email ID
  • Talk to experts
  •  
  •  
    By clicking 'Talk to experts', you agree to processing of personal data according to the Privacy Policy.

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.