'Threats are Period!' Secure your user accounts from the known and unknown outside threats!
Safeguard the password self-service sessions with session timeouts, Set Email notification after Password Self Service. Create User accounts that are invulnerable against security threats by allowing end users to reset active directory password safely using various inbuilt tools/security measures like CAPTCHA, support for HTTPs, and LDAPs.
A bot (short for robot) is a program that operates as an agent for a user or another program or simulates a human activity. If a hacker manages to guess a username, then he might try brute-forcing the security answer for a web-based password change. That is, try out all possible combinations. To prevent this ADSelfService Plus offers a lockout mechanism which locks out accounts that are subjected to brute-forcing. Administrators can define the threshold for unsuccessful attempts and also determine the lockout period for an account responsible for such attempts. He also has a "Failed attempts at Security Questions Report" to help him find which account misfired.
During security question authentication(user identity verification), CAPTCHA, a type of challenge response test attempts to distinguish malicious application layer bots from human clients with help of perceptual challenges, making it infeasible for bots to carry out denial-of-service attack. CAPTCHA also plays a vital role in keeping dictionary attacks at bay.
Are you wary of data thefts during transmission? We recommend you enable HTTP over SSL to ensure extra safe communication between users (web browser) and ADSelfService Plus and enable LDAP over SSL to ensure extra safe communication in Active Directory - ADSelfService Plus.
All communications between ADSelfService Plus and end-user happens via a simple and self-explanatory web browser interface. These server-client interactions happen in HTTP protocol by default.
While ADSelfService Plus and client communication via HTTP may be safe in a closed LAN network, you MUST implement HTTPs protocol between ADSSP and clients, if the client is situated outside a LAN and would use internet to access ADSSP. In cases like geographically disparate WAN or use over internet, please apply enable HTTP over SSL, so that the web-based client-server communication is encrypted.
When you deploy ADSSP in a WAN, please make sure you enable LDAP over SSL to ensure ADSSP and domain controllers communicate in LDAPs (encrypted) protocol. This way communication between Active Directory and ADSSP will stay absolutely safe.
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. ADSelfService Plus employs a specially designed query handler framework to check and handle all SQL database queries, which does not allow users to input manipulative SQL code. Besides, the only database that ADSelfService Plus will query is its inbuilt database during secondary authentication, report fetching, and certain other operations.
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.