Passwords can no longer be considered the only reliable factor for authentication. Consider this:
If passwords were the only mode of authentication, all it would take is one user's weak or stolen password to infiltrate your IT environment. Many infamous cyberattacks on large-scale industries such as Colonial Pipeline and Ireland’s Health Service Executive started with one exposed password.
As the name indicates, 2FA uses two factors to verify users who attempt to log in to applications or endpoints. One of the factors is usually a password. The other could be anything ranging from a security question to an OTP, biometrics, or a hardware token.
With a second factor of authentication in addition to passwords, the chances of a successful cyberattack are drastically reduced, solidifying your organization's security posture.
In addition to easing HIPAA, GDPR, PCI DSS, SOC 2, SOX, and GLBA compliance, 2FA also helps organizations with procuring cyber insurance. Most cyber insurance companies require 2FA following the surge in cyberattacks and an executive order that requires federal agencies in the United States to implement 2FA.
ADSelfService Plus uses advanced authentication techniques to enforce Active Directory 2FA during:
ADSelfService Plus offers a myriad of concrete authentication factors such as YubiKey, smart card, biometric, Google Authenticator, and Microsoft Authenticator, and admins can enable them in just a few clicks.
ADSelfService Plus offers a wide range of both hardware and software authentication factors. It also offers the flexibility to enable different authentication factors for different sets of users to ensure security without compromising productivity.
AD 2FA for user accounts provides added security to your IT environment. Each time users log on, they need to enter the AD domain credentials, which is followed by a verification process. The secondary authentication happens via YubiKey, smart card, biometric, RSA SecurID, or other factors. This ensures that there is no threat to user information, even if someone manages to discover their password.
When this authentication method is enabled, users are required to verify their identity by answering the questions they previously responded to.
When enabled, the SMS and email-based verification method sends a code to the user's phone or email address. The user must enter the uniquely generated code in order to successfully log in each time.
Duo Security is a two-factor authentication service. If you have Duo Security enabled, your identity is verified through a verification code, by call or push notification, from the Duo mobile app.
RSA SecurID is an authentication service in which a one-time passcode is generated in either the RSA mobile app, hardware token, or RSA authentication manager. Users can deploy the unique passcode to prove their identity and securely log in to ADSelfService Plus.
With RADIUS Authentication, users can verify their identity using their RADIUS password which will in turn facilitate a smooth and secure access to their ADSelfService Plus portal.
If you use Azure AD MFA to secure logons in your IT environment, you can also configure Azure AD MFA for ADSelfService Plus' 2FA. This not only simplifies things for the admin but also offers a familiar mode of authentication for users.
When Google Authenticator is enabled, the user is required to open the app and enter the code displayed in Google Authenticator to verify their identity.
With push notifications enabled, users will get a login request sent to the ADSelfService Plus mobile app on their registered mobile device. They can either approve the authentication request or press deny to reject unexpected requests.
With Fingerprint authentication enabled, the user can use their registered mobile device with a fingerprint sensor to prove their identity.
By enabling Face ID authentication, the user can use the face recognition system in their registered device for identity verification.
Users simply need to scan the QR code displayed on their ADSelfService Plus web portal from their registered mobile device to prove their identity.
Users have to enter the 6-digit passcode during the authentication process within a specific amount of time to complete their identity verification.
When this method is enabled, the security questions are linked to an AD attribute, and users are successfully authenticated when their answers match that specific attribute value.
When Microsoft Authenticator is enabled, the user is required to open the app and enter the code displayed in Microsoft Authenticator to prove their identity.
ADSelfService Plus supports Yubikey, an authentication device that identifies itself as a keyboard and delivers the one-time password over the USB HID protocol. Once enrolled, users can use Yubikey to prove their identity.
When SAML Authentication is enabled, the user is required to authenticate with the chosen identity provider (IdP) to prove their identity.
With Zoho OneAuth TOTP enabled, the user is required to open the Zoho OneAuth app and enter the 6-digit one time passcode to prove their identity.
Users simply need to enter the one time passcode from the configured custom TOTP application to prove their identity.
When this method is enabled, a pop-up with a list of certificates to choose from appears in the browser. The chosen certificate is then matched with the userCertificate value in Active Directory for identity verification.
Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.