How to Enroll with ADSelfService Plus?

Enrollment is a simple registration process wherein you provide some information about yourself which is used to validate your password reset or account unlock requests. For more details refer how to reset your password or unlock your account.

The Enrollment Process:

You can enroll with ADSelfService Plus using your mobile device too. Click here to know how.

How does ADSelfService Plus verify your identity?

You can choose any of the following methods of enrollment.

  • Security Questions & Answers: During enrollment, you either choose from a set of predefined security questions or write your own security questions, and provide the corresponding answers. In future when you need to reset your password or unlock your account, ADSelfService Plus will ask you these questions. ADSelfService Plus will authenticate your identity using the answers and then allow you to reset the password or unlock the account.
  • Verification Code: While enrolling with ADSelfService Plus, you will be asked to provide either your mobile number or email address. Whenever you request for a password reset or account unlock, ADSelfService Plus will send you a verification code to the registered mobile number or email ID. You will have to enter this code into ADSelfService Plus to reset the password or unlock the account.
  • Google Authenticator: During enrollment, you will have to configure the Google Authenticator app with ADSelfService Plus. When you try to reset your password or unlock your account, you will be asked to enter the 6-digit security code generated by the Google Authenticator app to verify your identity.
  • RSA SecurID: While enrolling for ADSelfService Plus you will have your RSA SecurID configured. When you wish to authenticate yourself using this method a hardware token is generated which helps you to verify your identity and securely log in.
  • Duo Security: If this method is enabled then you will have to authenticate your identity with a DUO push/call/code. You need to configure your mobile, manually, with Duo Security to access your account.
  • RADIUS Authentication: If this method is enabled, you can verify your identity with your RADIUS password during Reset Password/ Unlock Account. This password acts as authenticator, additional to your user credentials.
  • Mobile Authenticator: In this method, you use the ADSelfService Plus mobile app for authentication. Your administrator may have enabled any or all of push authentication, fingerprint authentication, QR code authentication, and time-based one-time passcode (TOTP). Depending on the enabled authentication method, you can prove your identity by logging in to the mobile app during the self-service password reset and account unlock processes.
  • SAML Authentication: In this method, user identity is authenticated by SAML-based identity providers. That means, when you request for a password reset or account unlock, you will be required to log in to your identity provider to authenticate yourself.
  • AD Security Questions: When this MFA technique is enabled, every time you attempt a password reset or account unlock, you will be required to enter a valid answer to the AD Security question posed. The AD Security Questions, set by your administrator, will mostly be about your profile information like your mobile number or a secret answer. Your administrator will provide you with the secret answer. If your entered answer matches with your configured AD attribute value, you will be successfully authenticated.

Enrollment using Security Questions and Answers

  1. Start and logon into ADSelfService Plus with your domain credentials.
  2. Click on the "Enrollment" tab.
  3. Select the "Security Questions & Answers" tab.
  4. At this stage, you will be provided with any or all of the following options (depending on your IT administrator’s choice):

You will now get a message stating that your enrollment process was successful.


Enrollment using verification code

  1. Launch ADSelfService Plus.
  2. Logon to ADSelfService Plus with your domain credentials
  3. Click the ‘Enrollment’ tab
  4. Select the ‘Verification Code' tab
  5. At this stage, you will be provided with any or all of the following options (depending on your IT administrator’s choice):
  6. If your IT administrator has allowed both the options, choose any one of your choices, and provide the corresponding details.

Enrollment using Google Authenticator:

  1. Launch ADSelfService Plus.
  2. Log into ADSelfService Plus with your respective domain credentials
  3. Click the Enrollment tab
  4. Select the Google Authenticator tab
  5. You will now be provided with steps on how to configure Google Authenticator app with ADSelfService Plus.
  6. You can either configure the app by scanning the bar code or by entering the secret key. Follow the instructions and enter the code generated by the app.
  7. Click Enroll.

Enrollment using Duo Security

  1. Launch ADSelfService Plus.
  2. Login to ADSelfService Plus with your domain credentials
  3. Click the Enrollment tab
  4. Select the Duo Security tab
  5. If you are already using Duo Security for two-factor authentication to login to ADSelfService Plus, then you just need to verify your enrollment.
  6. You will also be provided with steps on how to configure Duo Security app with ADSelfService Plus.

Enrollment using RSA SecurID

In the case of RSA SecurID, enrollment is not required from the ADSelfService portal. The user needs to log in to his RSA Security Console with an account to authenticate himself.

Please contact the admin to receive the authentication credentials that is mapped to your RSA Account.

Enrollment using RADIUS Authentication

In the case of RADIUS Authentication, enrollment is not required from the ADSelfService portal. Please contact your admin for the RADIUS password, which will be mapped to your account.

Enrollment using Mobile Authenticator

  1. Download the ADSelfService Plus mobile application and login with your Windows credentials.
  2. Click the Enrollment tab
  3. Select the Mobile App Authenticator tab
  4. Simply enable the authentication methods as per your requirement, or, if your admin has certain methods mandatory, then enable them.
  5. Once you’ve selected the authentication methods, tap Update at the top.

Note: Mobile authentication can be performed from multiple devices, provided you have enrolled with ADSelfService Plus. It is device-based enrollment, so if you change your mobile device or uninstall the app after enrollment, you cannot use mobile app authenticator method for authentication. You must enroll again from the new device or after reinstalling the app.

Enrollment using SAML Authentication

For SAML Authentication, enrollment is not required from ADSelfService Plus portal. Please contact your administrator to receive the identity provider credentials that will be mapped to your account.


Enrollment using AD Security Questions

For utilizing AD Security Questions method of authentication, you are not required to enroll from ADSelfService Plus portal. Please contact your administrator for information regarding your AD security questions.

Configuring Google Authenticator app with ADSelfService Plus:

Android devices:

iPhone & iPad:

Blackberry devices:

Note: If your IT administrator has provided you with all the above options for enrollment process, you need to provide all the respective details to get yourself enrolled.

How to enroll for self-service from your mobile device?

  1. Access ADSelfService Plus from your mobile web browser. Click here to learn how to access ADSelfService Plus from your mobile device.
  2. Tap the Login button
  3. Enter your Username, Password and select your Domain, and then tap Login.
  4. Based on the identity verification method chosen by your administrator, you will have to enter the necessary details
  5. If Security Questions & Answers method is enabled, then choose the security questions of your choice and provide the corresponding answers
  6. If Verification Code method is enabled, tap the Verification Code tab and enter your mobile number and / or the email address. You can also add your secondary mobile number and email Id by tapping the plus icon
  7. If Google Authenticator is enabled, manually set up your account in the authenticator app. Enter the code generated in the app to authenticate yourself.
  8. If Duo Security is enabled, you can verify yourself by choosing Duo Push/Call/Passcode for enrolling in ADSelfService portal.
  9. For RSA, there is no manual enrollment. You can use the RSA token received from administrator during the reset password and unlock account processes.
  10. For RADIUS Authentication method, there is no manual enrollment. You can authenticate yourself by giving the RADIUS password, that will be used besides the username & password, for enrollment and verification.
  11.  For Mobile App Authenticator, you cannot enroll from your mobile web browser. Use the ADSelfService Plus mobile app to enroll for the authentication methods enabled in Mobile App Authenticator.
  12.   Click here to learn more.
  13. Once you have entered all the details, tap the Update button to finish the enrollment process.
  14. Copyright © 2011, ZOHO Corp. All Rights Reserved.
    ManageEngine
    Copyright © 2011, ZOHO Corp. All Rights Reserved.
    ManageEngine