

Windows Logon Two-Factor Authentication

Double protection from security breaches

With the number of security breaches increasing every day, relying on usernames and passwords alone to secure users' accounts is no longer an option. Instead of just making passwords stronger, a more viable solution is to add an additional layer of security to filter out unauthorized users. Two-factor authentication (TFA)—a method in which users are authenticated with something they know and something they have—makes this possible.

Logging into Windows with ADSelfService Plus

With ADSelfService Plus' Windows Logon TFA feature enabled, users have to authenticate themselves in two successive stages to access their Windows machine. The first level of authentication is through something they know: their usual Windows credentials. The second level of authentication—something they have—can be through one of the following:

  1. Security Questions and Answers
  2. Email Verification
  3. SMS Verification
  4. Google Authenticator
  5. Duo Security
  6. RSA SecurID
  7. RADIUS Authentication
  8. Push Notification Authentication
  9. Fingerprint Authentication
  10. QR Code-Based Authentication
  11. Microsoft Authenticator
  12. TOTP Authentication
  13. AD-based secret questions

Windows Logon TFA ensures that there is no risk to sensitive data, even in cases where passwords are compromised. That is, even if unauthorized users gain access to a user's password, they still need access to the user's phone or email to get the verification codes. Moreover, the SMS and email-based verification codes as well as the authentication codes from Duo Security and RSA SecurID are unique to each user. These codes can only be used once and will expire if they aren't used within a certain period of time.

When Windows Logon TFA is enabled, it adds TFA to all Windows local and remote login attempts.

ADSelfService Plus supports Windows Logon TFA on the following operating systems:

  • Windows Vista and above.
  • Windows Server 2008 and above.

How it works

  • When a configured user tries to log in to their Windows machine, they will need Active Directory domain credentials to prove their identity.
  • Next, users must authenticate themselves using the time-sensitive authentication code sent to their SMS or email, or through a third-party authentication provider.
  • The user is now logged into their Windows machine successfully.

Figure 1: How Windows Logon TFA works.


With Windows Logon TFA, ADSelfService Plus provides improved security to your users' accounts, securing them against potential security threats. As it is highly unlikely that every user in a domain would require Windows Logon TFA to be enabled, ADSelfService Plus also offers you the ability to configure TFA based on domain, OU, or group membership. 




Password self-service

Free Active Directory users from lengthy help desk calls by letting them reset their passwords and unlock their accounts themselves. The ADSelfService Plus 'Change Password' console also gives Active Directory users a hassle-free way to change their passwords.

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Notify Active Directory users of their impending password or account expiry by emailing them expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats: ADSelfService Plus makes Active Directory users adhere to compliant passwords by displaying the password complexity requirements.

Directory Self-Update and Corporate Search

A portal that lets Active Directory users update their own information, plus a quick search facility for finding information about peers using search keys, such as the contact number of the person being searched for.
