Previous Topic Next Topic

Enabling MFA for password reset and account unlock

The MFA for Reset/Unlock tab allows you to configure the authentication methods to be used to verify users’ identities during self-service password reset and account unlock, Before you begin, ensure you have enabled the required authentication methods. Click here to see the supported authentication methods.

1. Go to Configuration → Self-Service → Multi-Factor Authentication → MFA for Reset/Unlock.
2. Select a policy from the Choose the Policy drop-down. This will determine which authentication methods are enabled for which sets of users.
Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.
3. In the MFA for Password Reset/Account Unlock section, enter the number of authentication methods to be enforced, and select the authentication methods to be used.

Note: The Professional edition of ADSelfService Plus is required to utilize advanced authenticators for MFA.

4. Click on the asterisk (*) symbol next to the authentication method to set it as mandatory. You can also reorder the authenticators too.
5. Click Save Settings.

You can further configure the idle time limit, trusted device, and other relevant settings in the Advanced Settings tab.

Previous Topic Next Topic