- Free Edition
- Quick Links
- Multi-factor authentication
- Active Directory MFA
- Endpoint MFA
- Windows login MFA
- Two-factor authentication
- Conditional access
- Offline MFA
- FIDO2 MFA
- Passwordless authentication
- MFA for VPN logons
- MFA for OWA logons
- MFA for Microsoft 365 users
- MFA for UAC
- MFA for remote and local macOS logons
- MFA for remote and local Linux logons
- MFA for Windows servers
- MFA for RDP
- Device-based MFA
- MFA for cloud apps
- Phishing-resistant MFA
- Adaptive MFA More..
- Password management
- Self-service password reset
- Self-service account unlock
- Password expiration notifications
- Password synchronization
- Password policy enforcer
- Web-based domain password change
- Cached credentials update
- Reporting and auditing
- Password self-service from logon screens
- Help-desk-assisted password reset
- Mobile password management
- Password security and compliance
- Password management and security More..
- Single sign-on
- Remote work enablement
- Enterprise self-service
- Reporting and auditing
- Zero trust
- Integrations
- Security
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
The need to protect macOS logins
With one in three data breaches attributed to stolen credentials, MFA for macOS has rightfully become a focal point for many IT organizations. Most employees succumb to the pressure of managing multiple passwords and reuse passwords or create weak ones, making them an easy target for cybercriminals using brute-force and dictionary attacks. Enabling ADSelfService Plus' MFA for macOS endpoints adds a second factor to the authentication of user identities and the authorization of access to sensitive IT resources.
Setting up macOS MFA with ADSelfService Plus
Employees' desktops and laptops can serve as effective entry points for an elaborate cyberattack. Without system-based MFA, cybercriminals could leverage a compromised user account to access the user's machine and connected IT systems.
When ADSelfService Plus' macOS MFA is enforced, every user is required to authenticate their identity via two factors before they can access their machine. The first factor is generally the user’s domain credentials, and the additional factor can range from biometrics to smart cards.
Highlights of ADSelfService Plus' macOS MFA
- MFA at a granular level: Configure MFA based on a user’s domain, OU, or group membership to enforce specific second factors of authentication.
- Compliance with regulations: Meet compliance mandates for NIST SP 800-63B, the NYCRR, the FFIEC, the GDPR, and HIPAA with ADSelfService Plus’ macOS MFA.
- Conditional access: Strengthen authentication based on the real-time security risk posed by a user.
<pointer to Enable __ factor>: Enable up to three authentication factors.
<pointer to Choose authentication>: Choose from over 20 advanced authentication factors.
Why you should enable MFA for macOS
System-based MFA safeguards sensitive data, even in cases where passwords are compromised. For example, if a cybercriminal steals a user’s password via a credential-based attack or data-hoarding site, they still need access to the user's phone or email to advance past the second authentication factor.
Authentication codes from Google Authenticator or Microsoft Authenticator are unique and time-bound. These codes can only be used once and will expire if they are not entered within a certain period.
Supported authentication factors for macOS MFA
- Google Authenticator
- Fingerprints
- Face ID
- YubiKey
- Duo Security
- Microsoft Authenticator
- Time-based one-time passwords (TOTPs)
For the complete list of authenticators, click here.
Need help setting up Windows, macOS, and Linux MFA for your employees' laptops? Contact us.
Highlights of ADSelfService Plus
Password self-service
Unburden Windows AD users from lengthy help desk calls by empowering them with self-service password reset and account unlock capabilities.
Multi-factor authentication
Enable context-based MFA with 20 different authentication factors for endpoint, application, VPN, OWA, and RDP logins.
One identity with single sign-on
Get seamless one-click access to more than 100 cloud applications. With enterprise single sign-on (SSO), users can access all their cloud applications using their Windows AD credentials.
Password and account expiry notifications
Notify Windows AD users of their impending password and account expiry via email and SMS notifications.
Password synchronization
Synchronize Windows AD user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Password policy enforcer
Strong passwords resist various hacking threats. Enforce Windows AD users to adhere to compliant passwords by displaying password complexity requirements.
