ADSelfService Plus Release Notes
Release Notes for build 5521 (Jun 21, 2018)
- SAML-based multi-factor authentication (MFA): For self password reset and account unlock, users can now be authenticated using SAML-based identity providers such as OneLogin and Okta.
- SAML-based SSO to access ADSelfService Plus: Allow users to authenticate themselves through SAML-based identity providers for one click access to ADSelfService Plus.
- SSO support for Blackboard: ADSelfService Plus now supports SAML-based SSO for Blackboard.
- A new option to notify ADSelfService Plus users about new features, ManageEngine events, and more.
- Issue in self password reset when the minimum password age is set.
How to update?
Release Notes for build 5520 (May 31, 2018)
- Two-factor authentication for Windows login: Improve security by enforcing two-factor authentication for local interactive and remote desktop logons to Windows clients and servers.
- ServiceNow password synchronization: Now synchronize users' Active Directory passwords with their ServiceNow accounts in real-time.
- Security issue in which the HttpOnly flag was missing from the adscsrf cookie has been fixed.
How to update?
Release Notes for build 5519 (May 11, 2018)
- Clone existing policies: Option to copy the existing policy configuration settings and create multiple policies from it.
How to update?
Release Notes for build 5518 (May 7, 2018)
- The Change Password Audit report has been enhanced to include information on the forced password changes when users login.
- Option to set a link expiry time in the secure identity verification link, using the %linkExpireTime% macro.
- Logs can now be forwarded in Rawlog and CEF formats to any SIEM solution or a syslog server.
- Employee search's scope can be limited to that forest in which the user performing the search resides.
- British English has been added to the list of languages with which you can personalise ADSelfService Plus.
- Issue in displaying the Soon-to-Expire Password User report on the next login after a session expiry.
- Issue in logon client (GINA/ Credential Provider agent) installation if the password of the service account used to fetch the domain data contains a backslash (\).
- Issue in generating valid SAML metadata for single sign-on configuration while using default ports.
- Broken authentication vulnerabilities which can lead to unauthorized access of the product resources.
How to update?
Release Notes for build 5517 (April 17, 2018)
- Users can now be restricted from having multiple active sessions in ADSelfService Plus concurrently.
- Option to automatically send Soon-to-Expire Account Users and Account Expired Users reports to users’ managers using reports scheduler.
- Now you can define multiple mobile number formats and allow users to enter their mobile number in any of the pre-defined formats during enrollment.
- jQuery bundled with ADSelfService Plus has been upgraded from 1.8.1 to 1.12.2.
- NTLMv2 jar bundled with ADSelfService Plus has been upgraded from 1.1.19 to 1.2.2.
- Vulnerability issue in the Windows logon (GINA/CP) client.
- Issue in GINA/CP installer which prevented the deployment of login agents in the latest macOS.
- Vulnerability issue which could lead to attackers exploiting unused HTTP methods in the product has been fixed.
- XSS issue in enrollment.
- Issue in loading the change password page for users with “User must change password at next logon” option enabled.
- Issue in synchronizing password changes with Oracle DB.
- Issue in configuring SonicWall Global and NetExtender VPN clients.
- Issue in migrating from PostgreSQL to MS SQL in Free Edition.
- Issue in approval workflow which failed to update the requests’ “assigned to” status in ADSelfService Plus.
How to update?
Release Notes for build 5516 (March 29, 2018)
- High availability support: Ensure users have uninterrupted access to self-service password management, single sign-on, and other self-service features by enabling high availability.
- Unrestricted file upload issue which could lead to XSS and server-side command execution vulnerabilities has been fixed.
- SSRF vulnerability issue which led to NTLM hash disclosure has been fixed.
- Reflected cross site scripting vulnerability has been fixed.
- Issue in the quick search option available in the graphical reports under the dashboard.
How to update?
Release Notes for build 5515 (March 12, 2018)
- Enhanced policy filtration through additional user's attribute filter: You can now configure ADSelfService Plus policies with enhanced user filtration process. In addition to OUs/Groups, users can now be filtered by using specific attributes for better usage restriction and license consumption.
- Improper authentication during SAML single sign-on that gives way to man in the middle attack by inserting fraudulent user identification has now been fixed.
How to update?
Release Notes for build 5514 (February 26, 2018)
- Smart Card Authentication: The use of smart cards/ PKI/ certificates has been enabled as additional options for ADSelfService Plus login.
How to update?
Release Notes for build 5513 (February 20, 2018)
- Custom SAML Applications: Any application that supports SAML 2.0 protocol for authentication can now be integrated for SSO.
- Custom VPN Providers: Updating of cached credentials through any VPN providers that allow command line arguments to establish VPN connections is now supported.
- SAML SSO support for Shufflrr and ADP.
- Option to exclude TFA for service provider(SP) initiated SAML SSO.
- Each of the SSO applications can now support multiple configurations.
- Cached credentials can now be updated using SonicWall, SonicWall Global, and Checkpoint VPN clients.
- Access to self-service portal can now be restricted to specific IP ranges via AD360 console.
How to update?
Release Notes for build 5512 (February 12, 2018)
- License for unlimited users: You can now purchase a license for ADSelfService Plus that supports an unlimited number of domain users.
Release Notes for build 5511 (January 30, 2018)
- Issue in importing CSV files that contain more than 15,000 users.
- Vulnerability issues have been fixed.
- SMPP protocol for SMS server configuration now supports empty System ID too.
- Issue in configuring SAML SSO for Canvas LMS by Instructure app.
- Issue in generating CSR for wildcard certificates.
- Issue in password sync agent while synchronizing passwords between two Active Directory domains.
- Issue in properly displaying non-English characters and UI issue in user login page.
How to update?
Release Notes for build 5510 (January 9, 2018)
- SSO support for three new apps: Cybozu Office, Garoon, and Mailwise.
- Two-factor authentication with SAML can now be enforced for service provider(SP) initiated login as well.
- Issue on the user login page while accessing ADSelfService Plus from favorites bar in IE11.
How to update?
Release Notes for build 5509 (December 27, 2017)
- Bulk disenroll users: Select multiple users from the Enrolled Users report or import users from a CSV file to disenroll them in bulk.
- Oracle EBS password sync driver has been updated to the latest version.
- Issue in using Google Authenticator while performing password self-service from the Android mobile app.
- Issue in enrolling more than 10,000 users at once from external databases.
- Issue which failed to refresh the CAPTCHA image when using a load balancer.
- UI issue in "Choose mail/mobile recipient" page.
- Vulnerability issue in Windows login client.
How to update?
Release Notes for build 5508 (December 13, 2017)
- Issue in cached credentials update when using Windows native VPN client.
- When password reset secure link is opened in a mobile web browser, it redirects the user to the login page of ADSelfService Plus instead of the password reset page. This issue appeared when ADSelfService Plus is integrated with AD360 and has now been fixed.
- Oracle Database for importing enrollment data can now be configured using service name as the connection type.
- Vulnerability issue in the Windows login client.
- Issue in check-box option during self-update.
- Issue in logging in to the self-service portal using mail attribute when its value is the same as that of UserPrincipalName.
- Change password issue when User must change password at next logon option is enabled in AD.
- Issue which displayed incorrect message during SMS verification.
How to update?
Release Notes for build 5507 (November 20, 2017)
- Four new authentication methods: Biometric, QR code, time-based one-time passcode, and push notification can be used for identity verification during password self-service; all four methods come built-in with the ADSelfService Plus mobile app.
- Support for Duo Security, RSA SecurID, and RADIUS authentication methods in mobile app.
- SSO support for three new apps: Bamboo, Bonusly, and Cybozu.
- Now set different limits for self-reset password and unlock account actions in advanced policy configuration.
- Support for inetOrgPerson objects in addition to user objects for AD LDS password synchronization.
- Issue in updating the OUs' names even after manually running a refresh of domain objects in ADSelfService Plus.
- Enrolling users via CSV import has been optimized.
- Issue in viewing Organization Chart when it is opened in Internet Explorer compatibility mode.
- Issue in navigating through the reports.
- Issue in sending SMS messages through custom SMPP protocol.
How to update?
Release Notes for build 5506 (October 16, 2017)
- SSO for 90+ cloud apps: Now provide users with one-click access to 16 more cloud apps such as Office 365, SugarCRM, LiveChat, Cisco Meraki, in addition to the already supported 80 apps.
- Vulnerability issue when using Google Authenticator.
- Issue where the login client software is not copied to the target machine during manual installation from the ADSelfService Plus admin portal.
- Issue where users were not able to close the enrollment pop up when the force enrollment logon script is pushed via GPO.
- Enrollment issue which forced enrolled users to enroll again when they log in to the self-service portal.
How to update?
Release Notes for build 5505 (October 9, 2017)
- Employee Search feature is now supported in the ADSelfService Plus mobile web app.
- Now you can sort the Employee Search results based on attributes.
- Issue in sending enrollment notification to domains that contain a large number of non-enrolled users.
- Brazilian Portuguese language issues have been fixed.
- XSS vulnerability issue while updating manager field using self-directory update.
- Issue in accessing the HTA login script when TLS 1.2 is strictly forced.
- Issue in AD LDS password synchronization.
How to update?
Release Notes for build 5504 (September 19, 2017)
- You can now use the custom attributes as macros and in password synchronization for linking Active Directory accounts with other applications.
- 'DateTime' data type has been added for creating custom attributes.
- Option to send all notifications to the secondary email addresses of users.
- Now you can customize the license expiration notification settings to suit your requirement.
- PGSQL database that comes built-in with the product has been updated to 9.2.4 version.
- Self-service (password reset, account unlock, and change password) notifications are now supported for non-AD accounts including IBM iSeries, HP UX, Office 365, G Suite, and Salesforce.
- Performance improvements.
- Issue which failed to partially hide the email address during the secure link identity verification process for password reset and account unlock.
- Some security issues have been fixed.
- [For builds 5400 and later] Issue in enforcing the product to use a particular TLS protocol.
How to update?
Release Notes for build 5503 (September 5, 2017)
- ADSelfService Plus can now be integrated with SIEM solutions that support syslog such as Splunk to forward audit logs and gain advanced intelligence on user activities.
- Compliance with Vasco authentication server for RADIUS multi-factor authentication.
- Issue which caused database migration to slow down.
- Issue which caused the product startup to fail while importing enrollment data from Oracle database.
- Issue which prevents deleting unowned licensed users.
- Issue in sending soon-to-expire password notifications.
How to update?
Release Notes for build 5502 (July 31, 2017)
- Single Sign-On for 80 cloud applications: Now provide users with one-click access to over 80 cloud applications.
- Option to configure display name of applications configured for password synchronization.
- Issue which restricted Free Edition users from configuring multiple AD domains after the end of trial period.
- Issue in approval workflow which failed to reflect the status of self-service requests in self-service portal.
How to update?
Release Notes for build 5501 (July 14, 2017)
- Supports customization of texts in the mobile app’s home page.
- GINA installation issue when there is a newline character in frame text.
- Issue which obscured the remaining Clickatell SMS count from being viewed in the license details page.
- Issue which prevented users from accessing the Audio CAPTCHA button using the keyboard.
- Issue in editing the Manager field while configuring self-update layout.
- Issue which prevented password expiration notifications from being sent to members of domain users group.
- Issue in self-service password reset operation when a domain controller configured in Site-based DC is removed from the Domain Settings configuration.
- Unknown errors which caused the product to crash during self-service operations.
- Issue in proxy server configuration which displayed a blank page after a successful self-service operation
- Issue in installing the Password Sync Agent on FIPS compliance enabled domain controllers.
- Issue which displayed incorrect password reset status displayed for Office 365.
- Issue in installing GINA client when VPN parameters contain special characters.
- Issue in CSR generation while configuring SSL certificate.
- Issue in AD synchronizer scheduler which fails to import domain users from Active Directory.
- Server settings will be configurable when the app is opened for the first time after installation even though admin has disabled it in the product.
How to update?
Release Notes for build 5500 (June 23, 2017)
- Enforce password history checks for password reset operations using password policy enforcer.
- Restrict users during license management based on their smart card status (enabled/disabled).
- Set up scheduler to automatically reinstate revoked licenses of users when specific conditions, such as user account is enabled, user account becomes active, and smart card is enabled, are met.
- Now send attachments along with password expiration notifications.
- Enroll users in bulk for Duo Security authentication by importing data from CSV files and external databases.
- Enable product downtime notifications to instantly get alerts whenever the product stops running.
- Issue in saving Access URL has been fixed.
How to update?
Release Notes for build 5400 (May 25, 2017)
- Apache Tomcat server used in the product is now updated to version 8.0.
- Added an option to show/hide the “Reset Password/Unlock Account” tile from the Windows login screen.
How to update?
Release Notes for build 5330 (May 3, 2017)
- Windows Server 2016 support: Adds self-service password reset and account unlock support for Active Directory users in Windows Server 2016 domain.
How to update?
Release Notes for build 5329 (April 27, 2017)
- Issue in using Cisco AnyConnect VPN for cached credentials update.
- Issue in logon client (GINA/Credential Provider agent) installation caused by configuring 64-bit VPN settings for cached credentials update.
- Issue in updating to the latest build using service pack.
- Issue in starting the product using the desktop shortcut icon.
- Issue in customizing the size of non-English fonts on logon page.
How to update?
Release Notes for build 5328 (April 14, 2017)
- Mobile app customization: Now you can completely customize the home screen of the app and disable access to certain features.
- Dictionary rule in password policy enforcer can now be configured to restrict password that is either an exact match of a dictionary word or has dictionary words as its substring.
- Issue in configuring OpenLDAP server over SSL.
- Alignment issue in login page when product language is set to Arabic.
- Issue in editing the email verification code message as HTML during multi-factor authentication configuration.
How to update?
Release Notes for build 5327 (March 15, 2017)
- Duo Security, RSA SecurID and RADIUS-based authentication support: Self-service password reset and account unlock processes are now more secure than ever thanks to three new authentication methods for verifying users’ identities.
- RADIUS-based authentication support for two-factor authentication during login.
- Support for SMPP-based custom SMS provider.
- Issue in installing the login client software in MAC machines.
- Issue in configuring Salesforce for password sync and SSO.
- Issue in sending email verification code for login two-factor authentication when the email body contains HTML code.
- Issue which showed an error message when the change password tab is clicked.
- Issue which triggered verification code emails twice when Internet Explorer 11 is used for the self-password reset process.
- Issue in importing CSV file during auto enrollment when the domain name contains special characters.
How to update?
Release Notes for build 5326 (February 24, 2017)
- AD domain-to-domain password sync: Now you can enable password synchronization between two or more Active Directory domains.
- Option to synchronize passwords only after successful password reset in Active Directory.
- Ability to identify the IP addresses of machines used to access the product via proxy server.
- XSS vulnerability in self-update manager field.
- Issue which resulted in distorted photos during self-update.
- Issue which associated technicians with wrong time zone.
How to update?
Release Notes for build 5325 (February 3, 2017)
- Two-factor authentication for ADSelfService Plus login can now be configured based on OUs and groups. To configure the settings, navigate to Configuration → Policy Configuration → Select Policy → Advanced → Login TFA.
- Option to exclude smart card users from password/account expiration notifications, and soon-to-expire password users and password expired users report.
- Now you can import enrollment data from an external/in-house PostgreSQL database.
- Option to display "Select mobile no./Email address" as the default text in drop down list during verification code step.
- Issue in adding and removing domain controllers in Site-based DCs configuration.
How to update?
Release Notes for build 5324 (January 20, 2017)
- 64-bit version of VPN clients are now supported for cached credentials update.
- Cisco AnyConnect VPN client is now supported for updating cached credentials.
- The photo attribute can now be set as ‘Read Only’ in self-update layout.
- Vulnerability issue in self-password reset and unlock account process.
How to update?
Release Notes for build 5323 (January 11, 2017)
- The password policy enforcer feature now ensures strong passwords for your users by:
- Preventing the use of any dictionary word.
- Prohibiting the use of five consecutive characters from an old password.
- Mandating the use of at least one Unicode character.
- You can exempt a password from complying with a custom password policy if it meets a certain character length set by you.
- The password strength analyzer feature now works even without enforcing your custom password policy.
How to update?
Release Notes for build 5322 (January 5, 2017)
- Issue in Windows logon agent (GINA/CP) when GINA/Mac customization scheduler is configured.
- Issue which failed to save OU and group selections during policy configuration.
How to update?
Release Notes for build 5321 (December 30, 2016)
- Enhanced Force Enrollment: Now you can configure multiple force enrollment schedulers based on self-service policies.
- Option to exclude disabled users while scheduling soon-to-expire password users and password expired users reports.
- Users can be restricted to select managers from a specific set of OUs or groups during self-update of AD profile information.
- Issue in changing the database to MS SQL that is located in another untrusted domain when NTLMv2 is enabled.
- Issue in displaying password policy rules in mobile web browsers during password reset via secure email link.
- Corrected the UI text which showed reset password successful message for Office 365 change password operation.
- Issue in password reset when enforce password history option is enabled.
- Issue in ServiceDesk Plus integration.
- Issue in loading the CAPTCHA image properly when using reverse proxy.
- Protocol can be now be configured during the manual installation of logon (GINA/CP) client software.
- UI issue in multi-factor authentication configuration page when the verification code email message contains double quotes.
- Domain settings issue which prevented a domain containing a large number of users from being deleted.
- Issue in reports which showed the values available in the mail/mobile attributes instead of the attributes configured by the admin.
How to update?
Release Notes for build 5320 (December 1, 2016)
- Configuring Mobile Push Management (MPM) is now a child's play. All you have to do is request the PLIST file from ADSelfService Plus support team and follow it up by getting the MDM managed certificate from Apple. For step-by-step instructions, click here.
- The server settings of ADSelfService Plus mobile app can now be remotely configured through MPM.
How to update?
Release Notes for build 5319 (November 2, 2016)
- Support for RSA SecurID to protect users logging into ADSelfService Plus through two-factor authentication.
- Fixed a vulnerability issue in two-factor authentication.
Release Notes for build 5318 (September 28, 2016)
- Audio CAPTCHA support for easier accessibility.
- ServiceDesk Plus integration now allows you to automatically create tickets for end user self-service actions in the help desk software.
- Now acknowledgement notifications can be sent for enrollment, self-update and blocked user events to both end users and administrators.
- License usage details will now be included in the license expiration notification email and when exporting licensed user reports.
- Now you can import enrollment data from CSV files of any encoding type.
- Issue in displaying the login agent image (Credential Provider client) after Windows 10 anniversary update.
- Scroll bar issue in the Windows 10 login agent self-service wizard.
- Issue in NTLM SSO which turned the self-service portal into a blank page in Internet Explorer.
- Issue which caused the Enroll Now button to disappear in the force enrollment pop up.
- Issue in editing self-update layout.
- Issue in saving password expiration reminder schedulers.
- Enrollment issue which forced users to enter both their mobile and email details even when they are not made mandatory.
- Issue which caused duplicate entries in reports when they were exported in CSV file format.
- Issue which caused a script error when a user is deleted from the licensed user report.
- Issue in saving Access URL in Internet Explorer.
Release Notes for build 5317 (Sep 2016)
- Now get ADSelfService Plus in your language. Fully localized versions are available for:
Release Notes for build 5316 (Aug 2016)
- Change password issue which was caused due to a recent Windows update. Refer this forum post for more details.
Pre-requisites for this update:
- PowerShell 2.0 or higher must be present in the machine in which ADSelfService Plus is installed.
- Active Directory module for PowerShell must be installed in any one of the domain controllers configured under the domain settings of ADSelfService Plus.
Release Notes for build 5315 (Jul 2016)
- Login issue in Windows 10 when 'Other Users' option is used.
- Windows logon agent (Credential Provider) issue while establishing remote connection to any PC from Windows 10.
- Windows 10 users not being able to change their passwords from Ctrl-Alt-Delete screen, when password policy enforcer feature was enabled.
- Fixed password sync agent which caused issues in DC.
- Issues in manual linking and unlinking of AD accounts from non-AD applications in Internet Explorer.
- Employee search getting blocked in Chrome and Firefox browsers.
- Failed login attempts due to incorrect update of Bad-Pwd-Count attribute.
- Issue with character count while resetting passwords.
- Users being forced to enter their mobile numbers, which is a non-mandatory field, during enrollment.
- Issue in sending scheduled reports to admins when multiple domains are configured.
- Incorrect entries in Unlock Account Audit report.
- Customized logo set in the product not being displayed in exported reports.
Release Notes for build 5314 (May 2016)
- Issue in manual linking of Active Directory user accounts with Oracle E-Business suite.
- Issue in synchronizing password with Oracle E-Business suite during password reset.
- Issue with textarea formatting (font color, size, type) while customizing logon page in
Internet Explorer 11.
- Issues related to duplicate values while updating the drop down box options in self-update layout.
- SMTP error after update.
- GINA issue when VPN is enabled.
- GINA issue which lead to the slow loading of reset page after identity verification.
- Issue in applying service pack when ADSelfServicePlus.exe is used by other processes.
- Issue which prevented domain technician users from logging in when no policy was linked to them.
- Setting response header for help document - security issue.
- Issue with customized GINA reset icon when client software is installed through GPO.
- Issue with sending email notifications in HTML format.
- Issue which allowed users to self-update and view other users’ AD profile information.
Release Notes for build 5313 (Apr 2016)
- Two-factor authentication support (Duo security provider) to secure user login.
- Account expired notification to keep end users, their managers and administrators updated about expired accounts.
- Ability to restrict active users for license management.
- Ability to restrict admin logon page access to a range of IP addresses.
- Allow users to automatically log in to the ADSelfService Plus mobile app by enabling the 'remember me' option [For ADSelfService Plus iOS mobile app users, this feature will be released after the completion of review process by Apple.]
- Option to hide secondary mail and mobile enrollment.
- Now you can disable access to mobile web app.
- Separate hide options for mobile access and help guide on end-user page.
- Now you can easily associate a self-update layout to a policy from the self-update layout page itself.
- Separate CAPTCHA settings for select verification mode and select recipient pages.
- Now you can use display name in the from address field for email notifications.
- Issue with sending email notifications in HTML format.
- Issue in sending expiration reminders when both account expiration and password expiration fall on the same day.
- Issue which displayed Chinese characters as garbage values in the GINA button.
- Issue in installing the GINA client when the password in domain settings contains double quotes.
- Issue with the logon agent installation in the latest Mac OS version El Capitan.
- Issue which prevented Password Sync Agent installation in domain controllers running a non-English version of Windows Server OS.
- Issue which automatically capitalized the first letter of the password while trying to login through Safari mobile browser.
- Issue with the listing of security questions during password reset.
- Issue in mobile web app which failed to show the retry option during self-password reset.
- Enforce password history settings will no longer create temporary passwords containing part of the username.
- Issue which sent unencrypted user password to OpenLDAP server.
- Password expired notification filter issue in notification delivery report.
- Issue which failed to notify administrators about users' change password actions.
- Issue which duplicated security questions in database when the character ' is used while adding the question.
- Issue in showLogin page when NTLM SSO is enabled and NTLMv2 session security is forced.
- Issue with saving automatic reset & unlock scheduler configuration.
- Issue in backing up MySQL database.
- Fixed some vulnerability issues.
Release Notes for build 5312 (Mar 2016)
- Single Sign-on support for SaaS applications to simplify identity management.
- Password policy enforcer to enforce and display custom password policies across the web console, GINA/CP (Ctrl+Alt+Del) client, and password sync agent.
Release Notes for build 5311 (Feb 2016)
- Missing 'Don't inherit child OUs' option in OU/Group selection under policy configuration has been restored.
Release Notes for build 5310 (Jan 2016)
- 64-bit version of ADSelfService Plus for Windows is now available for download.
- Mobile App Deployment: Now you can push ADSelfService Plus mobile apps to end users’ devices directly from the self-service portal.
- Blank page issue in GINA portal when auto send password via text/email is enabled.
- Blank page issue when the reset password page is accessed directly by entering the URL.
- Issue in automatically unlocking the locked out accounts.
- Issue which failed to display mobile numbers during password reset/account unlock process when the number contains non-numeric characters.
- Issue which disabled force enrollment for the entire domain when force enrollment is disabled for any one self-service policy associated with that domain.
- Issue which prevented the data fetcher for external database from running.
- Issue which displayed incorrect headers and values of user report in dashboard.
- XSS vulnerability issue caused by editing the title field under rebranding settings.
- Missing file content check for title image and product logo under rebranding settings.
Release Notes for build 5309 ( Jan 2016)
- This release fixes many grammatical errors that were found in the product user interface(UI) and help documents to provide a better user experience.
Release Notes for build 5308 (Dec 2015)
- Users' secondary email address and mobile number can now be used for sending auto-generated password, enrollment notification, and password and account expiration notification.
- Now you can automatically link AD accounts with other providers for password synchronization by mapping custom attributes.
- Ability to personalize the password expired notification content.
- Ability to preview the password expiration notification template.
- Ability to automatically retry the password expiration notification in case of any failures.
- Issue which forced users to begin password reset process from scratch when password complexity rules were not met.
- Issue in sending enrollment notification to a group if it has more than 1500 members.
- Issue which caused errors in enrollment report when users’ display name exceeded 255 characters.
- Issue faced in auto-enrollment while importing mobile numbers with special characters ‘-’ and ‘()’.
- Issue faced in auto-enrollment where only the last security question of multiple questions was used to enroll users when importing from a CSV file.
- Issue in updating Manager field in self-update from force enrollment page.
- Issue faced in enrollment when mobile format is specified, where users were forced to enter secondary mobile numbers even when it was not mandated.
- Issue in executing UpdateManager.bat file when the product is installed in a drive other than the default drive.
- Issue faced with displaying dateTime macro in subject field of Scheduled Reports.
- Issue faced while sending password expiration notification that sent incorrect days for expiration when notification has been configured to be sent on specific days.
Release Notes for build 5307 (Nov 2015)
- The password self-service logon agent (Credential Provider extension) has been enhanced to support Windows 10.
- Enrolled Users report can now be filtered based on enrollment type; also shows secondary email address & mobile number used for verification code.
- Now you can filter the logon agent (GINA/CP extension) reports based on operating system and sort the result.
- Now you can search the Security Questions report based on questions.
- Ability to run a custom script after a self-unlock account action.
- Ability to add request headers in Custom SMS settings.
- Issue caused by Password Strengthener when the restricted patterns length exceeds 1000 characters.
- Issue in sending Email & SMS (Custom SMS provider) when SSL is enabled by the SMTP/SMS provider.
- Issue in password expiry notification configuration, which caused notification to be sent on password expiry date without being set.
- Issue in installing the logon agent using the product user interface when scheduler is running in background.
- Issue which crashed the application while restricting service accounts without necessary permission.
- Issue in closing the logon agent (GINA/CP extension) window.
- Issue in inactive users report generation, when multiple DCs are configured for a domain.
Release Notes for build 5306 (Oct 2015)
- Now you can set a limit for the number of password resets and account unlocks a user can perform in a given number of days.
- Issue in directory self-update when a custom attribute is added to the layout.
- Issue in importing CSV files by technicians who are logged in using ADSelfService Plus authentication.
- Issue which prevented users from changing their passwords using ADSelfService Plus mobile site when ‘Users must change password at next logon' option is enabled in Active Directory.
- Issue which failed to show the success message for Google Apps password reset and change passwords.
- License expiry notification sent 2 days before expiration has been removed.
Note: As Google has deprecated its clientLogin API, ADSelfService Plus will not be able to support manual linking of Google Apps and Active Directory accounts. However, we are working to bring back the manual linking option and it will be available soon. Until then, we have enabled automatic linking of accounts using the sAMAccountName@GoogleDomainName.com format by default.
Release Notes for build 5305 (Aug 2015)
- Business Logic for Self-Update: You can now configure your organization’s business logic for self-update to auto-populate attribute values based on user input.
- Option to overwrite enrollment data while automatically fetching data from external data sources.
- Password Sync Agent can now invoke a post action custom script.
- Slowness issue in password reset, account unlock and change password when password sync for Google Apps.
- Issue in automatically linking AD and Salesforce accounts for password sync.
- Issue in "Access admin login from" when DNS name of the server is not resolved.
- Issue which appeared when custom script contains special characters.
Release Notes for build 5304 (Aug 2015)
- Issue in accessing the self service portal through GINA due to a script error.
- XSS vulnerabilities have been fixed for improved security.
- Issue in enrolling users from external database when the total number of users exceed a certain limit.
- Issue in license management while accessing unowned licenses.
- SSO issue which prevented Mac users from accessing the self service portal.
- Issue in editing the self update layout through Internet Explorer.
- Issue which prevented technician users from viewing the self service policies associated with password sync.
Release Notes for build 5303 (Jul 2015)
- Now update local cached password when remote users reset their passwords in Active Directory through the GINA/CP client.
Release Notes for build 5302 (Jun 2015)
- Mobile Push Notification support for enrollment and password expiry notifications.
- Now automatically enroll users by creating a scheduler for importing enrollment data from a CSV file from any shared location.
- Added an option to choose the security settings (none, SSL, TLS) during custom SMS provider configuration.
- Admins can now enable forced enrollment for specific users by manually configuring the built-in logon script file.
- Issue in self-updating mobile number using Internet Explorer.
- Issue which allowed users to edit the read-only fields during self-update.
- Issue which prevented users from updating the country field during self-update.
- Issue in updating the product when another process running on a virtual IP is using the same port number.
- Issue which consumed 100% CPU when account expiry scheduler with “on specific days” is enabled.
- Issue in enrolling with Google Authenticator when ENTER key is pressed.
- Issue which failed to display the logo in mobile apps.
Release Notes for build 5301 (May 2015)
- Option to set the keystore password, which will be encrypted for heightened security, directly using the product UI.
- Issue in automatically enrolling users using external data source when ‘Overwrite enrollment data’ option is enabled.
- Issue in syncing Oracle Database and Office 365 passwords when the password contains special characters.
- Issue which caused the loss of enrollment data while editing security questions.
- Issue which launched the Choose Manager pop-up in a new tab.
- Issue in external data source fetcher when the query contains XSS character.
- Issue in sending SMS when the message contains blank space.
- Issue in navigating through the OUs in tree view under the Reports tab when the OU name contains special characters.
- Issue which failed to save OUs with special characters while configuring password expiry notification schedulers.
- Issue which failed to load the custom logo in mobile app.
- Issue in saving advanced policy configuration when the username macro is used in the automation tab.
- Organization Chart issue which showed extra columns in the result.
- Script error in GINA login page when login option is enabled.
- Issue which failed to accept the keystore password while importing SSL certificates.
Release Notes for builds 5207 to 5300 (Apr 2015)
- Help desk assisted self-password reset and account unlock using Active Directory attributes as security questions to verify user identity.
- Updates Java Runtime Environment package to version 7.
- Supports TLS 1.2 for heightened security.
- Admins can now receive real-time notifications as and when end-users perform reset password/account unlock.
- Ability to copy an existing self-update layout and create a new one from it.
- Supports multiple mobile number formats; you can also force users to comply with the specified formats during self-update.
- Supports cross-database migration; easily migrate all the product data from your existing database to another (except to MySQL).
- Fixed an issue caused by the deprecation of Google Apps provisioning API. We have now migrated to the Google's new Directory API.
- Issue which prevented users assigned as ‘technicians’ from changing their passwords.
- Issue which prevented users from selecting recipient mobile number to receive verification codes.
- Issue in generating reports after restoring the database from a backup.
- Issue in Notification Delivery Report which displayed duplicate user records.
- Issue which sent multiple license expiry notification emails.
- Issue which failed to update the Dashboard when a user is logged in as a technician.
- Issue which showed the ‘My Info’ tab instead of the default tab after uploading photo.
- Issue which prevented default admin from viewing the enrollment notification schedulers created by technicians.
- Fixed an issue which caused users assigned as ‘technicians’ to be logged in as domain users.
- Issue which failed to apply the force enrollment script to users who are newly added to a group with self-service policy applied to it.
- Issue in self-update which allowed end-users to edit the ‘read-only’ fields.
- Issue in self-update which displayed an empty page when users edit the sAMAccountName field.
- Issue in embedding cross domain employee search in Internet Explorer.
- Issue in integrating other ManageEngine products in ADSelfService Plus (applies to customers who have updated their old builds using service pack).
- Issue in changing the mobile browser title.
- Issue which prevented the ACCESS URL from being used during GINA installation and customization.
- Proxy settings is now enabled for HTTPS connections too.
- The following security issue have been fixed: CSRF, Cross Frame Scripting (XSF)/Click Jacking, Weak Cache Policy/Server Cache Policy, MIME-SNIFFING, Cross Origin Resource Sharing (CORS), Browser Autocomplete Issue HttpOnly and Secure Flag, Directory Listing, SHA1WithRSA for CSR creation, jQuery migrated to new version to avoid Vulnerability, Session Fixation, HTTP Methods Blocking.
Release Notes for build 5206 (Feb 2015)
- Issue which prevented migration from 5203 to 5204/5205 build when MS SQL database is in use.
- Issue which displayed sAMAccountName instead of displayName while choosing the Manager in self-update.
Release Notes for build 5205 (Feb 2015)
- Now easily integrate custom SMS gateway providers using the product GUI.
- Notification emails to alert you when licensed user count reaches its maximum limit.
- Notification emails to alert you about license and AMS expiry.
- Issue in change password when it is done by a service account user with only change password permission.
- Reset Password issue which displays the error ‘Problem in Change Password’ when enforce password history settings is enabled.
- Issue in accessing password reset wizard from the login screen when multibyte characters are used in the GINA/CP button.
- Issue in AD LDS and OpenLDAP configurations for customers migrating from old builds.
- Password Sync Agent installation issue in non-English OS has been fixed.
- Password Sync Agent issue which failed to sync passwords of users whose username contains more than 16 characters.
- Issue in password sync agent audit log which stored the application IP address instead of the domain controller IP address has been fixed.
- Issue which doesn’t prompt users to enter their alternate email address for receiving verification code.
- Issue in configuring ‘Connection Security (SSL/TLS)’ under Mail Settings
- Issue in saving mail server settings when the from address or admin mail address contains a top level domain name with more than 4 characters.
- Issue in taking manual backup using backupdb.bat.
- Issue which prevented any of the multi-factor authentication option from being set as mandatory.
- Issue in setting a default tab under ‘Tab Customization’.
- Issue in accessing cross domain organization charts when logged in as a domain user.
- Disabled the "Interactive Services Detection" message pop-up which appears when ADSelfService Plus is configured to run as a service.
- http://server:port/showLogin.cc?domainName=%domainName% - Now you can use Domain Flat Name or Domain DNS Name for the %domainName% macro.
- Fixed slowness issues in product and report generation.
Release Notes for build 5204 (Jan 2015)
- Send real-time Email and/or SMS notifications to end-users as and when their Active Directory passwords are changed or reset natively in Windows.
- Reset Password and Change Password audit reports have been enhanced to include native password changes (Ctrl+Alt+Del screen) and password resets (ADUC console)
Release Notes for build 5203 (Jan 2015)
- OpenLDAP and AD LDS based directories are now supported for self-service password management and password synchronization.
- Issue in employee search which fails to show the result when search filters are used.
- Issue which failed to display enrollment prompt to dis-enrolled users when they log in to the self-service portal
- Issue in password reset which showed 'specified network password is incorrect' even after successful reset when password history settings is enforced
Release Notes for build 5202 (Dec 2014)
Features & Enhancement
- Now you have the option to enable CAPTCHA on the login page after a certain number of failed login attempts.
- Issue which prevented service account users from self-updating attributes even when they have sufficient rights.
- Issue which added new users to the restricted users list because of no last logon time.
- Issue which affected the dashboard UI when AD blocker is enabled on the browser.
- Fixed an issue in password sync agent by excluding password capture from a new computer joined to the domain.
- Issue which prevented the addition of Technician operation role when there is a large number of restricted users.
- Fixed a bug that showed incorrect error message to users, whose accounts are locked out, when they try to log in to ADSelfService Plus
Release Notes for build 5201 (Dec 2014)
- Introducing Password Sync Agent: Now synchronize native password changes (password change through Ctrl+Alt+Del screen and password reset through ADUC) in Windows Active Directory with the users’ associated IT systems and applications in real-time.
Release Notes for build 5200 (Nov 2014)
- Multiple Login Options: Users can log in to the self-service portal with any AD attribute with unique value such as mail and telephoneNumber.
- Now verify users’ identity by sending them an email containing a secure password reset/account unlock link.
- Ability to restrict service accounts using license management to free up license count.
- Issue in self-update which displays incorrect value in the manager field.
- Issue in automated password reset.
Release Notes for build 5116 (Nov 2014)
- Issue which disrupts GINA UI when caps lock is pressed while entering the password.
- SSO issue in Chrome browser.
- Issue in password expiry notification when it is configured for a group with a large distinguishedName.
- Issue in password expiry notification delivery report which failed to show the delivery status properly.
- Issue which ignores the default system language and displays the product only in English.
- Issue in reports when they are generated for OUs containing special characters.
- Issue in showing the status message during unlock account process when retry option is enabled.
- Issue in linking accounts for password synchronization.
- Issue in synchronizing passwords when force synchronization is enabled.
Release Notes for build 5115 (Oct 2014)
- Issue in sending password expiry notifications on specific days.
- Issue in sending password expiry notification to unlimited users in Free Edition.
- Issue in syncing Office 365 passwords when you are using an older version of Microsoft online services module.
- Issue which syncs password with Active Directory even though the user's AD account is not selected during password reset or change.
- Issue which displays incorrect user count in the security questions and answers report.
- Issue which shows incorrect count in user reports under Dashboard.
- Issue in notification delivery report where incorrect status is shown for enrollment notifications sent to users.
- Issue which shows incorrect status message during self-unlock account if a domain is configured using insufficient permissions.
These issues will be fixed in our upcoming release.
- GINA issue: In Windows Server 2003 and XP machines the GINA icon and its frame text will disappear when Caps Lock is pressed while entering passwords.
- Translation issue: Some of the new features will have texts only in English.
Release Notes for build 5114 (Sep 2014)
- Option for users to choose the language of their choice from the log in page itself.
- OUs selected during report generation will now be preserved and reused for reports displayed on the dashboard.
- Issue in GINA/Credential Provider which failed to start the password reset/unlock account wizard from the logon screen.
- Issue which prevented product administrators from editing Domain settings and generating Enrolled users report.
Release Notes for build 5113 (Aug 2014)
- Crop Photo option – Users now have the ability to crop their photos before self-updating them in Active Directory.
- New macros added – dateTime and reportName; can be used in the subject of notification emails.
- Issue that displayed incorrect password policy message when maximum password age is set to never expire has been fixed.
Release Notes for build 5112 (Aug 2014)
- Issue that causes pages to be displayed incorrectly when the browser's default language is not supported by the product.
- Issue that requires the users enrolled with mandatory questions to enroll again.
Release Notes for build 5111 (Aug 2014)
- Some issues that appeared when Japanese is selected as the default language. The issues that have been fixed are:
- Issue that displays a blank pop up window when the “Automatic Reset and Unlock” feature is accessed from the dashboard.
- Issue in deleting licensed users.
- Issue in displaying the force enrollment message.
Release Notes for build 5110 (Aug 2014)
- Google Authenticator is now supported by the Android and iPhone apps as one of the multi-factor authentication options.
- Issue in self password reset when the user name contains apostrophe.
- Issue which prevents users from logging in to ADSelfService Plus when they have comma in their distinguished name and have the "change password at next logon" flag set.
- Issue that displayed the system error message to end-users during change password.
Release Notes for build 5109 (July 2014)
- Issue in customizing the logon page.
- Issue in Self Directory Update that forced users to fill non-mandatory, but number-only fields.
- Issue in sending test emails when SMTP authentication is used.
- Issue that forced users to enroll for verification code when mobile number format setting is enabled.
- Issue that refreshed the CAPTCHA code whenever the ENTER key is pressed during reset password/unlock account operations.
- Issue that runs GINA/Mac Customization Scheduler repeatedly ever after successful customization.
- Issue in displaying email/mobile number fields during reset password/unlock account when the respective data have been deleted in Active Directory.
- Login page issue for users who have "user must change password at next logon" setting enabled for them.
Release Notes for build 5108 (July 2014)
- ADSelfService Plus integration with ADManager Plus now enables you to take control of users’ self-service actions with the new Self-Service Approval Workflow feature.
- Password Expired users can now change their passwords when they log in to ADSelfService Plus.
- Mobile App now has a 'Desktop Site' option; allows users to switch to the desktop version of ADSelfService Plus.
- Issue in customizing the logon page.
Release Notes for build 5107 (June 2014)
- Zendesk and Microsoft Dynamics CRM are now supported for self-service password management and synchronization.
- ServiceDesk Plus is now integrated with ADSelfService Plus; allows admins and end-users to quickly access the help desk software.
- I18n support for mobile apps; all the 17 languages supported by the web console are now supported by the mobile apps.
- Now easily deploy the Mac login agents from the web console itself.
- Issue in linking Office 365 sub domain accounts by end-users for password sync
- Issue in closing the ‘Edit Questions’ dialog box
Release Notes for build 5106 (June 2014)
- Default admins can now view report schedulers and all its information created by users associated with the ‘Technician’ role.
- OUs selected during report generation will now be preserved and re-used while generating reports in the future.
- Issue with force enrollment.
- Issue that displayed the list of restricted users from default domain to all the technicians regardless of the domain they belong to.
- Blank screen issue when unlock account page is refreshed.
- Issue that throws a ‘page not found’ error when username exceeds 100 characters during reset password/unlock account process.
Release Notes for build 5105 (May 2014)
- Google Authenticator is now supported as part of our multi-factor authentication set up to further secure reset password/unlock account process.
- Facility to make any or all of the multi-factor authenticator techniques mandatory.
- Option that allows admins to rearrange the order of identity verification steps during reset password/unlock account process.
- An issue that displays force enrollment notification to non-policy users when a custom logon script is used.
- Issue in selecting security questions during enrollment when users change their choice of questions.
Release Notes for build 5104 (Apr 2014)
- Issue in adding domains to the product when their names start with numeric value.
- Issue with ADSelfService Plus Credential Provider when accessed from the UAC prompt.
- Issue that allowed users to log in using invalid passwords if guest login is enabled on the machine running ADSelfService Plus.
- Issue in enrolling with security answers through Android app.
- Issue in applying the default admin time zone settings to technicians.
- Issue in enrolling with security answers that are longer than 100 characters.
- Issue in reports page and in accessing help from the end-users portal when context path is set.
Release Notes for build 5103 (Apr 2014)
- You can now export the restricted users list in a desired file format
- Now completely exclude restricted users from showing up anywhere in the product
- Issue in automatic password reset
- Issue in accessing native mobile apps and mobile webapp
- Issue in displaying verification code enrollment information when email option alone is enabled
- Issue with displaying header logo in scheduled reports when HTML is selected as the storage format
Release Notes for build 5102 (Mar 2014)
- Alternate Email IDs and Mobile numbers of users stored in any AD attribute can now be used for sending verification codes.
- Admins can auto-enroll users by importing their Email IDs and/or Mobile Numbers from a CSV file or external database.
Release Notes for build 5101 (Mar 2014)
- Now you can select the protocol (HTTP/HTTPS) to be used for Mac login agent during installation itself
- Issue in generating user reports when the database (PostgreSQL) server is installed in another machine
- Issue that force users to go back or sign out when they login using Single Sign-On
- Issue in saving ‘Automatic Reset Password’ settings
- Issue in accessing the help guide when context path is added
- Issue in translating the label ‘Description’ when reports are exported
Release Notes for build 5100 (Feb 2014)
- Login Agent for Mac OS X to allow AD domain users to reset passwords and unlock accounts right from the OS X login screen itself.
- Group-based configuration of self-service policies, enrollment settings and password synchronizer for fine-grained management.
- Now self-service policies will take effect based on their priorities as set by the admin.
- Issue in saving report schedulers.
- Issue in performing quick search in reports.
- Issue in showing the status of change password actions when enrollment is disabled.
Release Notes for build 5041 (Jan 2014)
- Added an option to email generated reports
- Issue with updating profile details when the update button is clicked more than once
- Issue with updating the Advanced Policy Configuration settings from Security Center
Release Notes for build 5040 (Jan 2014)
- Password Expiry Notifier is now part of our FREE Edition; allows you to notify UNLIMITED users. Also, gains a slew of enhancements including:
- SMS notifications to alert users of their impending password expiry
- Option to select users based on groups for sending password expiry notifications
- Ability to schedule and send reports of users’ password/account expiry to their managers
- Send password expiry notifications immediately with the ‘Run Now’ option
- You can now notify password expired users too
- Enabling SSO now requires you to configure NTLMv2, which has been added to enhance security
- Option to hide ‘Click here to troubleshoot’ link in Reset Password / Unlock Account failure page
- Issue in removing added OUs while configuring GINA/CP scheduler
- Issue in enabling the ‘Force User to prove their identity via both verification methods’ option
How to Upgrade?
Highlights of Previous Releases (build 4500 to 5032)
- Unified Self-Service Password Management -Synchronize Windows Active Directory Password/Account changes made using ADSelfService Plus with range of cloud-based and on-premises apps. The following apps are supported:
- Google Apps
- Office 365
- IBM AS400 / iSeries
- HP UX systems
- Oracle Database
- Oracle E-business Suite
- Free iPhone & Android App for self-service password management: ADSelfService Plus native apps for iPhone and Android allows end-users to reset their lost passwords, unlock their locked-out accounts, change their expiring passwords and synchronize password changes with a variety of non-Windows systems and cloud-based applications remotely from their iOS and Android devices. Get the free app from Get the Apps.
- Mobile Web App: Mobile browser support for devices running on any platform including Android, iOS and Windows Mobile
- Mobile App Rebranding: Ability to customize mobile app with your own company logo
- Mail Group Subscription: Self-Service Mail Group Subscription to allow users to subscribe to or unsubscribe from mail groups of their choice
- SMS/E-Mail Verification Codes to provide additional security when End-Users Reset Password / Unlock Accounts
- Enforce Stronger Passwords with "Password Strength Analyzer"
- Instant DC Updater: The actions by a user (password reset or account unlock), can be instantly updated between sites and across all or specified domain controllers
- Enrollment Notification: Scheduler to invite the 'non-enrolled & new domain' users to enroll with ADSelfService Plus as well as delivery reports for the notifications.
- Force Users to Enroll - Now force users to enroll with ADSelfService Plus as soon as they log in to their machines.
- Extract Audit Reports specific to a domain with the help of built-in filters.
- Heightened security against 'Cross-site scripting', 'CSRF issue', and 'Denial of Service attack'.
- SSL Certification Tool: Helps you to generate CSR and offers guidelines to install SSL certificate
- Report Scheduler: Scheduler for mailing admin the detailed reports of ADSelfService Plus (User, Audit & Enrollment Reports)
- Restrict User Scheduler: Scheduler for restricting the inactive users of a domain from accessing the application
- Support for Windows 8 and Windows Server 2012 operating systems
- Support for Postgres Database server (as product database) in addition to already supported MySQL and MS SQL databases.
- Support for 17 languages including Dutch, Swedish, Chinese, Spanish, Russian, and Arabic.
- Support for 3rd party GINA/CP agents:ADSelfService Plus is now compatible with the following 3rd party GINA/CP agents:
- Zenworks Endpoint Security agent
- 2X agent
- Toshiba Logon Provider
- Cisco NAC agent
- OneX Credential Provider
- Sophos Safeguard Disk Encryption
- Cisoc VPN client
- Checkpoint Full Disk Encryption (pre-boot authentication not supported)
Click here for the complete list of Features, Fixes and Enhancements from previous releases.
Some other benefits of ADSelfService Plus - Self Service Reset Password Management
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.
Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.