ADSelfService Plus is a secure, web-based, end user password reset management program. With ADSelfService Plus, end users can perform various simple yet important tasks like: Password reset, Account Unlock, Self-update and much more, without any assistance from helpdesk personnel.
Allowing end users to reset their password or unlock their account carries a certain amount of risk, as it increases the possibility of an attack from a malicious user. To ensure that only the intended users are allowed access to the self-service password reset/account unlock application, users need to prove their identity. An attacker can gain access to user accounts if strong identity verification procedures are not deployed.
ADSelfService Plus provides enhanced security when end users perform Password Reset /Account Unlock through two-factor authentication, a system that makes it much harder for hackers to capture valid credentials of a user account. The two-factors are:
To prove his identity, a user has to enter the correct verification code that he received through SMS/e-mail and/or answer the set of predefined Security Questions. Only after establishing his identity, the user will be able to reset his password or unlock his account.
The Identity Verification process starts when the user accesses the ADSelfService Plus application and clicks on the Reset Password or Unlock Account link. The user is asked to enter his username and the select the domain he belongs to. ADSelfService Plus server performs a series of security checks in the background which establishes the user's identity.
Once the initial security checks are completed, and if found to be successful, the user is allowed to proceed to the next step in which he chooses either his Mobile Number or E-mail id to receive the verification code. ADSelfService Plus server sends a one-time verification code via SMS/E-mail based on the user's choice. Once the user enters the correct verification code, he is allowed to proceed further.
If the user fails to produce the correct verification code for 'x' number of times, the user will be blocked from using the ADSelfService Plus Reset Password/Unlock Account feature for a specific period of time. ADSelfService Plus administrators can define the threshold for unsuccessful attempts and also the lockout period.
To add more muscle to the Identity Verification process, ADSelfService Plus also incorporates Security Questions and Answers to successfully establish a user's identity. A user enrolls with ADSelfService Plus by answering a series of Security Questions. The answers are stored securely using encrypted formats in the ADSelfService Plus database. The user is asked the same set of Security Questions answered by the user in the enrollment phase during the Identity Verification process. The answers provided by the user are compared with the answers stored in the ADSelfService Plus database. When all the Security Questions are answered correctly, the user is allowed to reset his password/unlock his account.
If the user provides incorrect answer(s) to the Security Question(s) 'x' number of times, the user will be blocked for a specific period of time just like in the previous step.
The user receives an e-mail notification from ADSelfService Plus server about the Reset Password/Account Unlock event, if it has been enabled by the ADSelfService Plus administrator. The e-mail notification acts as an alert in case of an unauthorized Reset Password/Unlock Account event and allows the user to react and prevent further damage.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.