In last week’s post we saw how to create OU and group-based self-service policies. This week I will show the various advanced options that you can configure to make the self-service policies suit your exact business requirements.

Block User Tab:

This tab allows you to block users who failed at the identity verification step. If a user attempts to use more than a few unsuccessful reset password attempts by providing the wrong answers to security questions or verification codes, then that users will be blocked for a preset period of time.

 All you have to do is enter the maximum number of invalid attempts allowed within a given time frame and how long the users should be blocked. This feature works similar to the account lockout policy in Active Directory.

Once a user is blocked, he/she will not be able to use ADSelfService Plus’s reset password and account unlock options. The lists of blocked users are captured in a report for your future reference. You can also use the report to unblock a user.