The need to protect enterprise app logins
The increasing number of enterprise applications in today's hybrid work environment is attracting unwanted attention from attackers trying to steal and misuse identities. Hackers can easily trick users into disclosing their credentials through phishing, keylogger, or manipulator-in-the-middle (MITM) attacks. And traditional authentication mechanisms involving just usernames and passwords cannot withstand these modern-day attacks.
To defend enterprise applications against these cyberattacks, organizations should deploy MFA, which adds authentication factors beyond usernames and passwords to fortify end-user application logins. Besides MFA, enterprise applications can also be secured using strong and custom password policies.
Securing enterprise application logins using ADSelfService Plus
ManageEngine ADSelfService Plus, an Active Directory MFA, SSO, and self-service password management solution, protects access to on-premises and cloud applications with strong MFA techniques such as phishing-resistant FIDO2 authentication and biometrics. On enabling SSO using ADSelfService Plus for enterprise applications such as Google Workspace and Salesforce, you can easily secure your organization's user identities.
When SSO is enabled, users must always authenticate themselves in ADSelfService Plus—first using their username and password and then through MFA authenticators chosen by you. Only then will users be able to access applications assigned to them. MFA for enterprise applications ensures that even when hackers compromise a user's credentials, they cannot gain access to the application and its data. ADSelfService Plus supports MFA for on-premises and cloud application logins initiated by both identity providers (IdPs) and service providers (SPs).
How it works
During IdP-initiated logins

- In IdP-initiated SSO, users access necessary applications by first logging in to the ADSelfService Plus portal using MFA.
- While logging in to the ADSelfService Plus portal, users must authenticate themselves with the authentication methods that you have configured for them.
- After successfully logging in to the portal, users can enjoy single-click access to the applications assigned to them from ADSelfService Plus' application dashboard.
During SP-initiated logins

- In SP-initiated SSO, users first access the enterprise application they need and are then redirected to ADSelfService Plus' login page for identity verification.
- On ADSelfService Plus' login page, users must verify their Active Directory credentials, after which they must authenticate themselves with the MFA methods that have been configured for them.
- After successful identity verification, they are redirected back to the application, which they can now access.
A comprehensive set of authentication factors
Some of the authentication methods that ADSelfService Plus supports to secure enterprise applications are:
- FIDO passkeys
- Biometric authentication (fingerprint/facial recognition)
- Smart card authentication
- Duo Security
- Microsoft Authenticator
- Google Authenticator
- YubiKey authentication
- Email verification
Benefits of MFA for enterprise applications using ADSelfService Plus
- Policy-based security for cloud applications: Apply different authentication factors for different users and even control access to cloud apps by configuring OU- and group-based policies.
- Risk-based automated access control: Deploy conditional access to automatically enforce specific authenticators or change the number of authenticators based on risk factors such as IP address, time of access, device, and geolocation.
- Regulatory compliance: Meet NIST SP 800-63B, GDPR, PCI DSS, and HIPAA compliance mandates by implementing MFA for enterprise applications.
ADSelfService Plus uses the tried-and-tested Windows Active Directory domain credentials as the first factor of authentication. For the second factor, ADSelfService Plus supports strong factors such as biometrics, FIDO passkeys, smart card, Duo Security, RSA SecurID, RADIUS server, Google Authenticator, and verification codes sent via SMS or email.
Highlights of ADSelfService Plus
Password self-service
Free Windows AD users from lengthy help desk calls by empowering them with self-service password reset and account unlock capabilities.
Multi-factor authentication
Enable context-based MFA with 20 different authentication factors for endpoint, application, VPN, OWA, and RDP logins.
One identity with single sign-on
Get seamless one-click access to more than 100 cloud applications. With enterprise single sign-on (SSO), users can access all their cloud applications using their Windows AD credentials.
Password and account expiry notifications
Notify Windows AD users of their impending password and account expiry via email and SMS notifications.
Password synchronization
Synchronize Windows AD user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Password policy enforcer
Strong passwords resist various hacking threats. Require Windows AD users to set compliant passwords by displaying password complexity requirements.