Help Document

How do I enroll in ADSelfService Plus?

ADSelfService Plus authenticates your identity using the information you provide during the enrollment process. Enrollment is mandatory if you want to reset your password or unlock your accounts using ADSelfService Plus.

Note: Your admin might choose to enforce any or all the authentication techniques available in ADSelfService Plus. Based on that, you'll be required to provide the required information.

Enrollment using security question and answers

  • In the ADSelfService Plus’ user portal, go to Enrollment tab → Security Questions.
  • Any of these three windows will open.
    • Mandatory security questions: Your administrator would have already configured the security questions. All you have to do is provide appropriate answers.
    • Manadatory questions

    • Custom security questions: Configure your own security questions and provide appropriate answers.
    • Custom security questions.

    • Select a question from the list: A set of security questions defined by your administrator will be displayed. You choose the questions using which you wish to be authenticated and provide appropriate answers.
    • Custom security questions

  • Click Next.

Enrollment using email address

Get verification code via email ID

  • In the ADSelfService Plus’ user portal, go to the Enrollment tab → Email verification
  • Enter your email ID.
  • Verify the entered email ID by entering the verification code sent to your mail.
  • Click Next.
  • Enrollment using email address

Enrollment using Mobile numbers

Get verification code via mobile number

  • In the ADSelfService Plus’ user portal, go to Enrollment tab → Mobile Verification
  • Enter your mobile number.
  • Verify the entered mobile number by entering the verification code sent to your device.
  • Click Next.
  • Enrollment using Mobile numbers

Enrollment using Google Authenticator

Prerequisite:

  • Download Google Authenticator app in your mobile device from the Play Store or the App Store.

Configuration steps:

  • In the ADSelfService Plus’ user portal, go to Enrollment tab → Google Authenticator. A QR code will be displayed.
  • Go to Google Authenticator app in your mobile. Select Scan QR code and scan the displayed QR code.
  • If that method fails, click Can't scan it? link. A set of numbers will be displayed.
  • Go to Google Authenticator app in your mobile. Select Manual entry → enter the displayed numbers in the app.
  • A one-time-passcode is generated in the app. Type that value in the Enter code field.
  • Click Next.
  • Enrollment using Google Authenticator

Enrollment using Microsoft Authenticator

Prerequisite:

  • Download the Microsoft Authenticator app on your mobile device from the Google Play Store or the Apple App Store.

Configuration steps:

  • In the ADSelfService Plus’ user portal, go to Enrollment → Microsoft Authenticator. A QR code will be displayed.
  • Go to Microsoft Authenticator app in your mobile. Select Scan QR code and scan the displayed QR code.
  • If that method fails, click Can't scan it? link. A set of numbers will be displayed.
  • Go to Microsoft Authenticator app in your mobile. Select Add accountOther (Google, Facebook, etc.)OR ENTER CODE MANUALLY. Enter the Account name (something to identify your account, say, ADSSP) and type the Secret Key displayed below. One-time-passcode is generated.
  • Switch to the user portal and type the one-time-passcode in the Enter code field.
  • Click Verify Code.
  • Enrollment using Microsoft Authenticator

Enrollment using Azure AD MFA

To enable Azure AD MFA, enrollment is not required from the ADSelfService Plus portal. You must already be enrolled for authentication methods configured by your administrator in the Azure AD user portal. Contact your administrator if not.

Enrollment using Yubikey Authenticator

Prerequisite:

  • Enrolling through a workstation: Plug in the Yubikey device to your workstation. Place the cursor in the field below and press/hold the button on the plugged-in Yubikey device depending on the slot configured. The code is automatically updated.
  • Yubikey Authenticator

  • Enrolling through a mobile device: If you are using an NFC-enabled mobile device, simply tap the Yubikey device against your mobile. Copy the displayed passcode and paste it in the field below.
  • Yubikey enrollment

  • Click Next.

Enrollment using Zoho OneAuth

Note: Install Zoho OneAuth in your mobile device. You can download it from the Google Play Store or the Apple App Store.
  • In the ADSelfService Plus' user portal, go to Enrollment tab > Zoho OneAuth TOTP. A QR code will be displayed.
  • Open the Zoho OneAuth app on your phone. Go to Authenticator ( authenticator ) > OTP Authenticator.
  • Click the "+" and select Scan the QR secret.
  • Scan the QR code displayed on the ADSelfService Plus user registration screen.
  • If this method fails, click Can't scan the QR code? link. A secret key will be displayed.
  • Open the Zoho OneAuth app on your phone. Select Enter secret manually and enter the secret key in the app.
  • A one-time-passcode is generated in the app. Type that value in the Enter the TOTP field in the ADSelfService Plus user registration screen.
  • Click Next.
  • Enrollment using Zoho OneAuth

Enrollment using DUO Security

  • In the ADSelfService Plus’ user portal, go to Enrollment tab → DUO Security.
  • Follow the steps given in the webpage.
  • Click Next.
  • Enrollment using email address

Enrollment using RSA SecurID

For RSA Authentication, enrollment is not required from ADSelfService Plus portal. Please contact your administrator for the RSA hardware token that is mapped to your account.

Enrollment using RADIUS Authentication

For RADIUS Authentication, enrollment is not required from ADSelfService Plus portal. Please contact your administrator for the RADIUS password that is mapped to your account.

Enrollment using SAML Authentication

For SAML Authentication, enrollment is not required from ADSelfService Plus portal. Please contact your administrator to receive the identity provider credentials that is mapped to your account.

Enrollment using AD Security Questions

For utilizing AD Security Questions method of authentication, you are not required to enroll from ADSelfService Plus portal. If you are unsure about the answers for the displayed AD security questions, please contact your administrator.

Enrollment using Push Notification Authentication

  • Log in to the ADSelfService Plus mobile app > click Enrollment → Push Authentication.
  • Follow the steps displayed in the webpage.

Enrollment using push alert authentication

Enrollment using Fingerprint Authentication

  • Log in to the ADSelfService Plus mobile app > click Enrollment → Fingerprint Authentication.
  • Follow the steps displayed in the webpage.

Enrollment using Fingerprint authenticator

Enrollment using QR code Authentication

  • Log in to the ADSelfService Plus mobile app > click Enrollment → QR code Authentication.
  • Follow the steps displayed in the webpage.

Enrollment using QR code authenticator

Enrollment using TOTP Authentication

  • Log in to the ADSelfService Plus mobile app > click Enrollment → TOTP Authentication.
  • Follow the steps displayed in the webpage.

Enrollment using TOTP Authentication

Backup verification codes

The codes are a set of 12-character codes that you can generate and use to verify your identity. There are 5 backup codes in a set. You can use these codes if you are unable to use your enrolled MFA methods for authentication or you don't have access to you MFAdevice. Each code can be used only once for verifying your identity during machine, VPN, and ADSelfService Plus logins or for performing any self-service actions.

Backup code generation:

The MFA backup codes section can be accessed from:

  1. Enrollment tab: In the ADSelfService Plus user portal, go to Enrollment. Under MFA Recovery Mode, select Generate One-Time Use Backup Codes.
  2. Backup verification codes

  3. Profile icon: If the Enrollment tab is not available, in the ADSelfService Plus user portal, click the profile icon and select MFA Recovery from the profile menu that appears.
  4. Backup verification codes

  1. The Generated Backup Verification Codes section will appear. Here, five MFA backup verification codes will be displayed. If you require a new set of codes,click Generate New Codes. The previously displayed set of codes will be invalidated.
  2. Choose what to do with the generated codes:
    • Save as Text: Download the codes as a text file.
    • Send Email: Email the backup codes to a specific email address.
    • Print: Print a hard copy of the codes.
  3. Click Close.
  4. Backup verification codes