Pricing  Get Quote
 
 

How to safeguard local and remote Windows logons via ADSelfService Plus' endpoint two-factor authentication?

With cyberattacks on the rise,  having only passwords as a defense mechanism is no longer safe. An additional filter is required to weed out unauthorized users. ADSelfService Plus handles this situation by supporting two-factor authentication (2FA) for all Windows login attempts. Once this feature is enabled, users will be authenticated using their Active Directory domain credentials, and also through any one of the available thirteen authentication methods available in ADSelfService Plus.

Prerequisites:

  1. SSL and TFA must be enabled in ADSelfService Plus.
  2. GINA/CP Client Software must be installed on client machines. Make sure the client software is installed through GINA/Mac Installation console.

Steps involved:

  1. Log in to the ADSelfService Plus web-console with admin credentials.
  2. Navigate to Configuration → Multi-factor Authentication → Authenticator Settings tab → TFA for Windows/macOS Login.

    multi-factor-authentication

  3. In the Choose the Policy field, click the drop-down box and select the policies for which you wish to enable TFA.

    Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.

  4. Select the Enable authenticators for Windows/macOS login option, and configure any one of the authentication factor provided.

    tfa-for-windows-macos

  5. By default, the Bypass TFA if ADSelfService Plus is down option is selected when you enable Windows/macOS Logon TFA. If this option is not selected, users would not be able to access their machines when ADSelfService Plus is not accessible.
  6. Click Save.

Here's a GIF of how Windows Logon TFA works:

windows-logon-tfa-workflow

Like this tip? Get the most out of ADSelfService Plus by checking out more tips and tricks here.

 

Request Support

Need further assistance? Fill this form, and we'll contact you rightaway.

Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

A single pane of glass for complete self service password management