

Windows login multi-factor authentication

Double the protection against security breaches

With the number of security breaches increasing every day, relying on usernames and passwords alone to secure users' accounts is no longer an option. Additional layers of security are needed to filter out unauthorized users. Multi-factor authentication (MFA), a method in which user identities are verified with authentication methods like Google Authenticator and biometrics, makes this possible.

Logging in to Windows with ADSelfService Plus' MFA feature

With ADSelfService Plus' Endpoint MFA feature enabled, users have to authenticate themselves in two successive stages to access their Windows machines. The first level of authentication is through something they know: their usual Windows credentials. The second level of authentication—something they have—can be through one of the following:

  1. Security questions and answers
  2. Email verification
  3. SMS verification
  4. Google Authenticator
  5. Duo Security
  6. RSA SecurID
  8. Push notification
  9. Fingerprint
  10. QR code-based authentication
  11. Microsoft Authenticator
  12. TOTP Authenticator
  13. AD-based secret questions
  14. SAML-based authentication
  15. YubiKey Authenticator

Implementing MFA during Windows logins ensures that there is no risk to sensitive data, even in cases where passwords are compromised. This means that even if unauthorized users gain access to a user's password, they still need access to the user's phone or email to get the verification code. Moreover, the SMS and email-based verification codes as well as the authentication codes from Duo Security and RSA SecurID are unique to each user. These codes can only be used once and will expire if they aren't used within a certain period of time.

When Windows Logon MFA is enabled, it adds MFA to all local and remote Windows login attempts.

ADSelfService Plus supports Windows Logon MFA for the following operating systems:

  • Windows Vista and above.
  • Windows Server 2008 and above.

How it works

  • When configured, users logging in to their Windows machines will need Active Directory domain credentials to prove their identity.
  • Next, users must authenticate themselves using the time-sensitive authentication code sent to their SMS or email, or through a third-party authentication provider.
  • Finally, users are logged in to their Windows machines once they have authenticated through both factors.

Figure 1: How Windows Logon MFA works.


With Windows Logon MFA, ADSelfService Plus improves the security of your users' endpoints and protects them against potential threats. As it is unlikely that Windows MFA will have to be enabled for all users in a domain, ADSelfService Plus also lets you configure MFA based on domain, OU, or group membership.

Learn how to enable multi-factor authentication for Windows logons.

Tighten Windows/macOS logon security with two-factor authentication.
