Free EditionManageEngine ADSelfService Plus is an identity security solution with multi-factor authentication, single sign-on, and self-service password management capabilities.
This document explains how ADSelfService Plus handles passwords that were provided during self-service password management, domain configuration, integrations with other solutions, and database backup configuration.
ADSelfService Plus generally doesn't store end users' AD domain passwords anywhere. It connects to the domain controllers to verify the password during logins into the ADSelfService Plus portal.
To perform self-service password reset or password change, the solution only resets the users' passwords in AD.
However, it stores domain users' passwords with secure irreversible bcrypt hashing if the Number of old passwords to be restricted during password reset setting is enabled in the Password Policy Enforcer.
For features like Password Expiration Notification, only the expiration status of the password is checked in AD.
The domain administrator password used to configure a domain in ADSelfService Plus is stored in the database via reversible AES-256 encryption.
Product admin passwords are stored in the database via irreversible bcrypt hashing.
ADSelfService Plus does not store enterprise application passwords for password synchronization. It only sends the reset or changed password to the target enterprise application to complete synchronization.
Both the super admin credentials entered to integrate with ADManager Plus and the API key provided to integrate with ServiceDesk Plus are securely stored using reversible AES-256 encryption.
The ADSelfService Plus database backup file could be encrypted using the default password or a admin-configured password. The password is stored in the database via reversible AES-256 encryption.
The mail server password provided during mail server configuration is stored in the database via reversible AES-256 encryption.
For more information on password handling in ADSelfService Plus, contact support@adselfserviceplus.com.
Need further assistance? Fill this form, and we'll contact you rightaway.
Allow Active Directory users to self-service their password resets and account unlock tasks, freeing them from lengthy help desk calls.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications using their Active Directory credentials.
Intimate Active Directory users of their impending password and account expiry via email and SMS notifications.
Synchronize Windows Active Directory user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Strong passwords resist various hacking threats. Enforce Active Directory users to adhere to compliant passwords by displaying password complexity requirements.
Enable Active Directory users to update their latest information themselves. Quick search features help admins scout for information using search keys like contact numbers.
