Pricing  Get Quote
 
 

Identity verification for the enterprise network using Zoho OneAuth

In enterprise networks, user identity verification is no longer carried out simply through usernames and passwords. This is because without additional authentication layers, i.e., multi-factor authentication, enterprise networks and resources become easy prey to credential-based attacks. This is why, in the current technological landscape, multi-factor authentication has become a mandatory part of every organization's authentication system.

A time-based one-time-passcode (TOTP) is a prevalent authentication method used for MFA. Zoho OneAuth, a multi-factor authenticator solution, offers a mobile-based TOTP authenticator for social and enterprise accounts. When implemented, the Zoho OneAuth OTP authenticator generates verification codes every 30 seconds, and users will have to enter the verification code within that time to complete authentication. In combination with credentials and other authentication methods such as biometrics, the TOTP authenticator proves to be a viable barrier against unauthenticated access.

Achieve holistic enterprise MFA with Zoho OneAuth

ManageEngine ADSelfService Plus supports the Zoho OneAuth OTP authenticator as a method to implement MFA during enterprise application logins along with:

  • Local and remote Windows, macOS, and Linux logins.
  • Microsoft Outlook Web Access and Exchange logins.
  • Self-service password reset and account unlock.

Furthermore, implementing enterprise MFA with ADSelfService Plus provides the following benefits:

  • Granular configuration: Implement MFA using particular authenticators for users belonging to specific groups, OUs, and domains.
  • Adaptive MFA: The solution offers provisions to heighten, relax, or skip MFA during authentication based on IP address, time of access, geolocation, and device used.
  • Detailed audit reports: Gain comprehensive insights on user activities such as identity verification failures and login attempts, and find users with weak passwords.
  • Ensure 100% enrollment: Automate user enrollment by importing users' domain information through CSV files or force enrollment using login scripts.

How to configure MFA using Zoho OneAuth in ADSelfService Plus

  1. Navigate to Configuration → Self-Service → Multi-factor Authentication → Authenticators Setup.
  2. From the Choose the Policy drop-down, select a policy.
    Note: ADSelfService Plus allows you to create OU- and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups and choose the OUs or groups to which you want to apply the policy. You need to select at least one self-service feature. Finally, click Save Policy.
  3. Click Zoho OneAuth TOTP.
  4. Click the Enable Zoho OneAuth TOTP button.

    how-to-configure-zoho-oneauth-otp-authenticator

Enable Zoho OneAuth TOTP-based MFA for machine logins

  1. Go to Configuration → Self-Service → Multi-factor Authentication → MFA for Endpoints.
  2. Select a policy from the Choose the Policy drop-down. This will determine which authentication methods are enabled for which sets of users.
  3. In the MFA for Machine Logins section, check the box next to Enable __ authentication factors, select the number of authentication methods, and select Zoho OneAuth TOTP along with any other configured authenticators from the drop-down.
  4. Click on the asterisk (*) next to the authentication method to set it as mandatory. You can also reorder the authenticators.
  5. Click Save Settings.

Enable Zoho OneAuth TOTP-based MFA for enterprise application logins

  1. Go to Configuration → Self-Service → Multi-factor Authentication → MFA for Applications.
  2. Select a policy from the Choose the Policy drop-down.
  3. In the MFA for Cloud Applications section, check the box next to Enable __ authentication factors, select the number of authentication methods, and select Zoho OneAuth TOTP along with any other configured authenticators from the drop-down.
  4. Click on the asterisk (*) next to the authentication method to set it as mandatory. You can also reorder the authenticators.
  5. Click Save Settings.

Enable Zoho OneAuth TOTP-based MFA for OWA

Step 1: Configuring MFA for OWA

  1. Go to Configuration → Self-Service → Multi-factor Authentication → MFA for Endpoints.
  2. Click the Choose the Policy drop-down and select a policy. This will determine which authentication methods are enabled for which sets of users.
  3. In the MFA for OWA Login section, check the box next to Enable __ authentication factors, select the number of authentication methods, and select Zoho OneAuth TOTP along with any other configured authenticators from the drop-down.
  4. Click on the asterisk (*) next to the authentication method to set it as mandatory. You can also reorder the authenticators.
  5. Click Save Settings.

Step 2: Install the ADSelfService Plus MFA Connector

The Internet Information Services MFA extension must be installed in Exchanger Server to enable MFA for OWA and Exchange admin center logins. It triggers the request for the completion of other authentication factors after the primary password authentication is successful.

  1. Go to Configuration → Self-Service → Multi-factor Authentication → MFA for Endpoints.
  2. Navigate to MFA for OWA and click on the help icon.
  3. Download the ADSelfService Plus MFA Connector from the pop-up that appears.
  4. Copy the extension file (AdsspOWAIISModule.zip) to the Windows server that you have configured as the Exchange server. Extract the ZIP file’s content and save it in any location.
  5. Open PowerShell (x64) as an administrator and navigate to the folder where the content of the extension files is located.
  6. Execute the following command:
    PS C:\> .\setupIISMFAModule.ps1 Install

Secure all points of access to your enterprise network with Zoho OneAuth OTP

  Download a free trial now!  Request demo

 

Request Support

Need further assistance? Fill this form, and we'll contact you rightaway.

Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management