ADSelfService Plus in action
Forgot your Mac password? Reset it from the login screen with ADSelfService Plus
If users can't remember their macOS login password, they won't be able to log in to their Active Directory (AD) account either, which negatively affects their productivity. To reset Mac passwords, users can use any of the methods supported by Apple—the Reset Password assistant, the Recovery Key, an Apple ID, or another admin account. However, these password reset techniques rely on other factors like enabling FileVault or knowing the Recovery Key. These dependencies encourage users to simply call the help desk team to reset their forgotten Mac passwords.
ADSelfService Plus enables users to reset macOS passwords, including on MacBook Pro, from the login screen after verifying their identity.
Supports: Sierra, High Sierra, Mojave, and Catalina
Self-service password reset for macOS: How does it work?
- ADSelfService Plus places a Reset Password/Account Unlock link (also called the logon agent) on the Mac login screen.
- User identity verification: Clicking this link will open the password reset portal. Users are required to prove their identity through any of the enforced authentication methods, like SMS-based one-time passwords (OTPs), email-based OTPs, Google Authenticator, DUO Security, and RSA SecurID.
- Users must be enrolled in ADSelfService Plus to utilize the self-service password reset and self-service account unlock capabilities.
- Enrollment is a one-time process where users enter their mobile number and email address, set answers to security questions, and provide other details in ADSelfService Plus in order to register for self-service password management.
- Once a user’s identity is successfully verified, they will be allowed to reset their Windows AD domain password.
Installing the ADSelfService Plus logon agent on users' machines
Before users can reset passwords from their Mac login screen, admins have to deploy the logon agent on the users’ machines in one of the following ways:
1. From the ADSelfService Plus admin console
   - Download and install ADSelfService Plus.
   - Navigate to the Configuration tab → Administrative Tools → GINA/Mac/Linux.
   - Click GINA/Mac/Linux Installation.
   - In the New Installation section, choose the required Domain from the drop-down.
   - Click Add OUs to select the OUs for which the logon agent can be installed. Click Get Computers.
   - Now, select the computers to which the logon agent needs to be pushed.
   - Click Install.
2. Manual installation
   - Copy the ADSelfServicePlusMacLoginAgent.pkg (Location: <install_dir>/bin/) file to the Mac client machine.
   - Double-click the ADSelfServicePlusMacLoginAgent.pkg file to begin the installation process.
   - Once you click the Install button, you'll be asked to enter your username and password. Please use the account information you use to log on to your Mac.
   - Enter the ADSelfService Plus server name and port number when prompted.
   - In the window that opens, click Close to complete the installation.