In order to take ADSelfService Plus' self-service features to the end-users, you have to implement the following:
ADSelfService Plus offers four self-service features to domain users (Password reset, Account unlock, Directory self-update, and Change password). Based on the departments and organizational hierarchy, you can choose to enable specific features based on users' OUs and group membership. Thereby, they can decide which users can avail themselves of any or all of these features. This is done in the Policy Configuration section by configuring a self-service policy for the users and defining the extent to which they can use ADSelfService Plus. Click on Steps to create a policy for further details.
Identity verification by multi-factor authentication (MFA) is carried out using the information provided by users during enrollment into ADSelfService Plus.
In order to perform identity verification, users need to enroll with ADSelfService Plus by providing certain information. The information provided varies based on the MFA method configured. ADSelfService Plus simplifies the enrollment process by offering multiple enrollment options:
You can import the existing security questions and answers along with the user’s mobile numbers and e-mail IDs that are stored in a CSV file format. This imported information is then used to enroll users. Click here for further details.
Connect the organization's data sources like MS SQL, PostgreSQL, Oracle, and MySQL with ADSelfService Plus. Once ADSelfService Plus has been given sufficient permission to access the database server, data can be fetched and users can be automatically enrolled. Any changes made on the database server can be easily updated to ADSelfService Plus with just a click using the Fetch Again option.
A scheduler can also be set to search for newly added users in the connected external data sources regularly and enroll them with ADSelfService Plus. For more information on how to import enrollment data from an external database, Click here.
Users can enroll with ADSelfService Plus using the ADSelfService Plus client portal, ADSelfService Plus mobile app, and the Mobile Web App. In order to enforce user enrollment, you can implement the following measures:
When ADSelfService Plus is deployed in an organization, the administrator could use enrollment notification to inform employees of the product and encourage them to enroll themselves with it. The option, when enabled, sends an e-mail or push notification to all users who have not yet enrolled with ADSelfService Plus. You can also set up a scheduler to automatically send notifications to non-enrolled users regularly. Click here for further details.
This involves searching for all non-enrolled users within the selected domain or policies and associates their accounts with a Logon Script. The logon script forces them to enroll when they log into their domain user accounts. Linking non-enrolled users’ accounts with a logon script can be done using a scheduler. The scheduler can be set to run periodically to check for non-enrolled and newly added users and set up the logon script to their accounts. For steps on how to enable Force Enrollment for non-enrolled users, Click here.
ADSelfService Plus' Security Centre lists out links to security settings in the other sections of the product. These include:
Copyright © 2024, ZOHO Corp. All Rights Reserved.