SMS Verification

    When SMS Verification is enabled, a verification code is sent to the user's registered mobile number, which the user must provide to complete authentication.

    How it works

    ADSelfService Plus validates the user-provided code against the generated code stored in its database, granting access only upon successful verification.

    Limitation This authenticator can be used to protect all endpoints and sensitive actions secured by ADSelfService Plus except Offline MFA.

    Prerequisites

    Configuration steps

    1. Navigate to Configuration > Self-Service > Multi-factor Authentication > Authenticators Setup.
    2. From the Choose the Policy drop-down, select a policy.
      Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
    3. Click SMS Verification.
    4. Choose from the options in the Select Type drop-down:

      SMS Verification authenticator in ADSelfServicePlus

      • MFA for Password Resets: For when the user performs self-service password resets
      • MFA for Account Unlocks: For when the user performs self-service account unlocks
      • MFA for ADSelfService Plus Login: For when the user logs in to the ADSelfService portal
      • MFA for Machine Login: For when the user logs in to a Windows, macOS, or Linux machine physically or remotely
      • MFA for Cloud Applications: For verification when the user accesses their enterprise applications
      • MFA for OWA Login: For when the user attempts to access the Outlook on the web portal
      • MFA for VPN Login: For when the user attempts to access the corporate network through a VPN
    5. Customize the Message to be used for SMS verification according to your organization's requirements.
    6. Click Save.
      Tip Click the Macros button to use the listed macros in the message.

      SMS Verification macros in ADSelfServicePlus

    Advanced settings

    SMS Verification has additional advanced settings using which you can customize security parameters. To access these settings, navigate to Configuration > Self-Service > Multi-factor Authentication > Advanced. In the pop-up window that opens, go to the Verification Code tab. Click here to learn more about each setting under this tab.

    Advanced SMS Verification settings in ADSelfServicePlus

    Deploying the authenticator for MFA

    Once the authenticator is configured, you can deploy it as an MFA method to secure sensitive actions like password resets and unlocks, protected endpoints, and logging into ADSelfService Plus. Click on the respective links to learn how.

    Setting up user enrollment

    The last step is setting up the process for users to enroll for and utilize this authenticator. Administrators can choose from the following enrollment methods:

    • Use the AD mobile number: The user's official mobile number, as configured in AD, is automatically used for verification. No additional user enrollment is required.
    • Enable user enrollment: Prompt users to register one or more mobile numbers during their initial setup. During MFA, users can then select which of their enrolled addresses should receive the verification code or secure link.
    • Perform bulk enrollment: Administrators can pre-register mobile numbers for multiple users simultaneously by importing a CSV file, streamlining the deployment process for large groups.

    Tips

    • Discover the various enrollment options available in ADSelfService Plus here.
    • You can see how the enrollment settings you configure will be presented to your users, here.