Configuring QR code-based authentication for Active Directory-based actions
QR code-based authentication is a type of multi-factor authentication method that involves scanning a QR code with an app in order to verify one's identity. When authenticating into a service using MFA, users need to provide their account credentials upon validation of which a QR code will be displayed. Users simply need to scan this code using the authentication app on their mobile device. As scanning the code takes mere seconds making this a quick and simple method, it is widely employed for a variety of identity verification applications.
A much-needed implementation of QR-code based MFA would be during the Active Directory user actions. By default, domain logins and self-service actions like password reset and account unlock only require users to enter their domain account credentials. Including QR-code based authentication provides a boost of security that is essential during such sensitive actions. A perfect solution would be a product that features self-service actions like password reset, account unlock, and directory self-update that are secured by QR-code based authentication and other MFA methods.
ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, is one such product. Its MFA feature secures not just self-service actions but also:
- Windows, macOS, and Linux logins.
- Enterprise application logins through single sign-on (SSO).
- Self-update of Active Directory profile information, subscription to mail groups, and employee search using ADSelfService Plus.
ADSelfService Plus supports MFA with 15 methods of authentication including QR code-based authentication, Google Authenticator, YubiKey Authenticator, and RSA SecurID.
QR code-based authentication for MFA can be enabled with minimal steps in ADSelfService Plus
- Navigate to Configuration → Self-Service → Multi-factor Authentication → Authenticators Setup.
- From the Choose the Policy drop-down, select a policy.
Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy. Only users belonging to OUs and groups included in the policy can perform the self-service feature(s) selected.
- Click QR Code-based Authentication section.
- Select Enable QR Code-based Authentication.
Note: Users need to download the ADSelfService Plus iOS or Android mobile app to use this authentication technique.
Enable QR code-based authentication for Active Directory password resets
- Go to Configuration → Self-Service → Multi-factor Authentication → MFA/TFA Settings. Go to MFA/TFA Settings. In the MFA for Reset/Unlock section, enter the number of authentication factors to be enforced, and select QR Code Based Authentication along with the other authentication techniques to be used.
- Click Save Settings.
Enable QR code-based authentication for Active Directory domain logins
- Go to Configuration → Self-Service → Multi-factor Authentication → MFA/TFA Settings. In the Endpoint MFA section, select QR Code Based Authentication from the drop-down.
- Enable the Bypass TFA if ADSelfService Plus is down option.
- Click Save Settings.
To enable MFA for Active Directory domain logins:
- The ADSelfService Plus login agent must be installed on client machines. Click here for steps on login agent installation.
- SSL must be enabled: Log in to the ADSelfService Plus web console with admin credentials. Navigate to the Admin tab → Product Settings → Connection. Select the ADSelfService Plus Port [https] option.
Simplify password management with ADSelfService Plus.
Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here
Self-service password management and single sign-on solution
ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.
- Related Products