User reset without selecting domain
Hi, we have configured several domain in AD SelfService mainly for administrators. Problem we are facing now is one of the domains is used by end users and they should not see all the other available domains. Is there a possibility to setup a secondary
Password change failed error
Hello, When i try to use Change Password feature i get "Password change failed . Unable to change password. May be you are not authorized to perform this action" error for any Active Directory user thru Web Application. Users can change their password
Is ADSSplus working with Windows Hello (Pin-code) ?
Hello, im testing ADSSplus for MFA for endpoints (Windows 10). I configured all settings, and its work nice, when user enter a password then he need to finish 2nd FA. But i want to setup PIN-code + mfa from ADSSplus and when user enter pin code he does
Disable Security Questions
Why is there no option to disable security questions? Other MFA options are sufficient without them, like an authenticator app, etc.
User Activities are deleted once disenrolled
We have noticed all user actions such as reset/change and unlock password details history gets deleted once the user is disenrolled. Since this tool interacts with users passwords, it is very important to keep history of user actions in audit reports.
Hide "Enrollment" tab
Hello, How I can hide "Enrollment" tab from password change page? Regards, Anton
Options to Unlock User Accounts as Super Admin or Operator Missing
Hello there, As a part of our organization's security policies, we have restricted users from being able to unlock their own accounts. Our operators and super admin accounts do not seem to have the option to unlock these accounts within AD Self Service
Account unlock/Password reset trying under the identity of the user
Hi, We have recently setup a new policy that uses MFA. Until you try to unlock an account or reset a password, everything works fine. When you try either option, we are getting a native exceptions: adssp.error.native.no_unlock_priviledge::::: For the
Change Reset Password Screen to include custom text
We'd like to include a description of what Password Complexity means when people change their password (this screen). Whether it's a hover/alt text or a link for a descript or just inline with the rest of it. This would help avoid some help desk tickets.
Clickatell text messages not going through consistently
Ever since we have implemented ADSelfService Plus with Clickatell text messages, the text messages from that service has been extremely poor. Sometimes but infrequently it works just fine but most of the time the text messages won't come or arrive so late that our screen times out before you can enter in the code. I have been round and round with support and Clickatell supposedly fixes something and things are better for a little while but shortly after things don't work again. This is very frustrating
Users reciving duplicate email-id error when trying to enrol
Users the already have their email attributes configured in AD recieve the following when trying to enroll for SSPR functionality. "Duplicate email-id found. Kindly provide a unique one.' Is there anyway of either auto enrolling users that already have
How can I configuration Azure AD MFA
Hi, I want to use MFA for MS Teams application for security reasons. how can i enable it via AD Self service. thank you for all
Blank page with ADSSP login script at logon
Hello, Some users are using XenApp desktop over Windows 2012R2, and when they logged in, they experienced a blank page which can't be close without killing the process. The blank page is the login script to ask users to register. Even if they killed the
Password reset with AD Attribute value as verification
Hi all, Just trying to set ADSS to allow password resets using an AD attribute as a verification code without the requirement to enroll first. Is this at all possible? Thanks, T
accessing reset password / lock account via web link
Hello, Is it possible to access the "reset password / unlock account" screen via web link ? Can be useful for most users, since they use a third party publish application (Load Balancer) to access terminal servers. Right now Its accessed only when trying to login to terminal servers with the default windows RDP Client. Regards, Henry Bahous
Windows agent pop up window showing warning (https)
I use HTTPS with a public subdomain attached and all working correctly. I moved on to testing the Windows agent and I am presented with the following. The access URL setting only allows me to enter the server name, but SSL will only work with FQDN. How to fix this?
Flat UI - GINA
HI, Thanks for the recent Flat UI update for the admin console. will this also be extended to the GINA? I seem to remember seeing some screenshots posted on the forums here which showed a Flat UI for the GINA but after updating to the latest build the GINA UI is still the same as previously? Thanks, John
Customize the Password Policy requirements on the Change/Reset Password Page
I would like to know how I can customize the Domian Password Policy Requirements descriptions on the "Change/Reset Password" page. Our password requirements has gotten, more complex. It is confusing to the users if it doesn't say what we have been telling them when they call the help desk. I have see two different examples on how to change this, though only one matches up to what I'm seeing in my software. Example #1... When logging into ADSSP, I goto Admin - Customize - Rebranding. I have the
ADSSP Client Issues after migrating to Okta SSO
We just recently enabled SSO integration with Okta to try and take advantage of Okta MFA. Everything seems to work fine but the ADSSP Client. When attempting to use the client utility from a locked Windows machine, users are getting the following error: I'm assuming I need to enable external URL access, but can't seem to find a setting for that in any of the docs/articles I've found so far. Like I mentioned before, this works fine if a user goes to the web app and unlocks/resets password, it's just
Delete Registered User in AD Self Service
How to delete a registered user in AD Self Service Plus?
Password Expired
Hello! We are using ADSelf service but our users with password expired can't authenticate on tool. I don't know if we forget apply any configuration, I think that tool would allow users with expired password to authenticate and so they can change the password.
Accounts that exist in multiple domains
Hi, We use AD Self Service to keep passwords in sync between two of our domains (separate forests). A subset of our users also have accounts in the second domain. In previous versions, staff could log in against the primary domain and AD Self Service would attempt to update their password in both domains. Now accounts that exist in both get an error "Multiple accounts are mapped for the same login attribute" and they have to prefix their username with their domain. Is there a way to replicate the
Change Password Audit Report not updating
Hi, I've just had an update catch-up moving from build 5511 to 5803. I've done a test password change, which appears to have worked but it doesn't show up in the Change Password Audit Report.
AdSelfService App
I’ve enabled fingerprint scanning on the ADSelfService app but it’s still asking the user to enter security questions to change my password. Is there a way to disable users who have fingerprint scanning enabled from having to enter security questions as well when changing password?
Build 5800 - Some users cannot change password
I am running Build 5800 and I see the following error in my serverOut log: Throwing Native Exception: user_cannot_change_password_flag_on_ad The users who receive this error are notified int he application that they may not have permissions to change password. I have verified with a couple of them that they can successfully change the password from their desktops using CTRL+ALT+DEL I have tried a number of things to correct this error, but at this point, I would say it might be a bug in Build 5800.
Password Complexity Checker
Is there a way a user can check if their password is considered strong using the rules we set within Self Service? If not could this be added as a feature request? It would be useful for users to be able to 'test' their password before changing it or resetting it so that tehy know it is considered strong.
Query user memberof group
Hello, we are testing ADSelfService Plus and have a question: Is it possible to get all groups that a user is member of in the employee search? I added a custom attribute "memberOf" but if i search the employee it shows only the first group he will find (alphabetical). Best regards
"Back to home" link
Hi. Has anyone had the chance to change the "Back to home" link (image below), after a user has successfully reset their password? The problem is that when the user clicks on the "Back to home" link, they go back to http://server_name:port_number/showLogin.cc. They get confuse and click on the Reset Password again. I want them to go back to the original page, like, Owamail.
looking for assistance on customizing the domainlogin.html
I know the entire page can be customized, however where is the code for user login?
ADSS Licence issue
Hi Can i request some help please ? I am having a issue where my licence count is incorrect i have purchased 1400 licence On the licence info drop down it reports that i have consumed 1398 licence Enrolled - 1098 Not-Enrolled - 300 Available - 2 When looking at reports for enrolled i have 1046 enrolled and 145 not enrolled and 1045 licenced users. Can someone tell me how to resolve the issue as we need to get people enrolled but only showing as having 2 licence available regards Ryan
SMS
Dear all, My SMS vender make the mobile NO. format like “+” (As +852xxxxxxxx) And while I update my user mobile NO. +852123123123 to reset my password with sms code but fail. So I check the logs on my SMS vender and say "mobile NO. 852123123123 it not correct." Cause my SMS vender format, So how can i fix this issue. Thanks!
Flat UI
Is there any update on the release of the flat UI? I was previously informed on this forum that it was releasing in January.
Relocate SQL Database
I need to migrate my self service database to another SQL server. I saw one article saying I need to backup and restore the Master Key as well. I am able to backup but unable to restore the key as it says I need to open the master key first and I would need a password. Is that something thats set at install by the installer? Or is that step even needed or if I can just restore the database and repoint the selfservice password server? I have been unable to find an official guide for moving a sql database
Locking down the product for use externally
We've been using Self Service Plus for years now and are considering how to open it up for external users (not necessarily ona VPN, public access). Are there any KB articles we can reference? I've had a look through and can't find anything. Our problem is we have external vendor support users who have accounts in our system, but still need to reset passwords every x days. 1) Is opening this application (via a reverse proxy or the like) something that is supported or recommended? 2) Are there any
Operator View all domains
Hi, I am trying to allow access to the admin console for our technicians (operator role) but they can only administer the domain their account exists on? How can I allow the operator role access to all domains akin to the super admin role? We also use ADAudit Plus and this allows to check box the required domains that the operator has access to, but I can't see this option in ADSelf-Service? Any help would be appreciated. Thanks
How to configure TLS1.2
According to the release notes, the latest versions of ADSelfServicePlus support TLSv1.2. How is that configured?
Application has not been installed properly
I am currently trialing AD SelfService Plus, with a view to purchasing for our organization. I have set up on the server and deployed the client software to one machine. The GINA configuration (from the server) has gone through fine, and I get a success message. Our server name is gct-dc01 and port is the default of 8888. On the client machine I can now see the "Reset/Unlock Account" link appearing but when clicking on it a white page appears (as though the client can't connect to the server?).
Restrict Profile by IP Address
Is there a way in AD Self Service Plus to setup a profile with an IP address filter? We want to allow domain admins to unlock/reset their passwords but only from within the LAN and not from the WAN. So we would have 2 profiles, one that points to the regular users OU that is usable from any IP address and another profile that points to the OU containing admins that is only usable from the LAN ip addresses. Much like you can restrict the Admin login page by ip address/range.
Servicenow Single sign on integration
Hello, I have a problem with setting up of SSO for Servicenow via ADSelfService Plus. I went through the documentation on page https://www.manageengine.com/products/self-service-password/step-by-step-guide-for-servicenow-single-sign-on.html but when I am trying to use external login to ServiceNow using the email address am forwarded to ADSelfService Plus which is showing me error message Sorry ! You are not authorized to view the contents of this file. Back | Sign Out Do you have an idea what can
HTML-formatting
Greetings, I've built a HTML-formatted email that i've pasted into the admin console, but when I send it, it just sends as plain text. I've tested the emailtemplate in a browser and there it looks correct, and formats correctly. In earlier builds of ADSelfService you had to activate the HTML-function, if that's the problem with the new release, where do I find that option? Thank you in advance! B/R Filip
Next Page