AD Security Questions

 

Enabling this MFA technique allows you to create AD-based security questions. You configure the answer to each question by mapping the question to the appropriate AD attribute.

For example, assume that you have set 'What is your phone number?' as an AD-based security question and mapped the mobile attribute as the answer. When a user attempts a password reset, they are required to enter the correct answer (i.e., the user's phone number). If the answer entered by the user matches the value stored in the mobile attribute, the user is successfully authenticated.

Because this MFA technique uses the users' existing AD attributes, users need not enroll separately. This is a definite plus for admins, who are freed from the burden of ensuring that each and every user has completed the enrollment process.

 

Configuration steps:

  1. Log in to the ADSelfService Plus web console with admin credentials.

  2. Navigate to the Configuration tab → Multi-factor Authentication section → AD Security Questions.

  3. Select the Enable AD Security Questions checkbox.

  4. Click the Add Question button to add a new question.


  5. Assign a value to the AD security question by selecting an attribute from the Verify With drop-down.

  6. Click Save Settings.

  • Click the asterisk symbol [*] to make the AD security question mandatory.

  • When the AD Security Questions method of authentication is enabled, users need not enroll separately with ADSelfService Plus.

  • If you've mapped a multi-valued attribute (say, otherMobile) to a security question, any value of that attribute is considered a valid answer.
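
Because the answer is whatever the mapped attribute already holds, it is worth checking that attribute across the directory before you select it under Verify With. The PowerShell below is an added example, not part of ADSelfService Plus or its documentation: it reports accounts that have no value to match against and values held by more than one account. The function name and the sample records are hypothetical, and it assumes that an empty attribute leaves the user without a usable answer.

```powershell
# Added example. The sample records below are constructed; in a domain, feed the
# function with:  Get-ADUser -Filter * -Properties mobile, otherMobile
function Get-AdQuestionReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [Parameter(Mandatory)] [string]   $Attribute   # attribute chosen under "Verify With"
    )
    $owners = @{}   # attribute value -> accounts holding it (keys are case-insensitive)
    $empty  = @()   # accounts with nothing to match against

    foreach ($u in $User) {
        # A multi-valued attribute yields several candidate answers; any one is accepted.
        $values = @($u.$Attribute) |
            Where-Object { $_ -and "$_".Trim() } |
            ForEach-Object { "$_".Trim() } |
            Sort-Object -Unique
        if (-not $values) { $empty += $u.SamAccountName; continue }
        foreach ($v in $values) {
            if (-not $owners.ContainsKey($v)) { $owners[$v] = @() }
            $owners[$v] += $u.SamAccountName
        }
    }

    # A value shared by several accounts is not specific to one user.
    $shared = @(foreach ($v in $owners.Keys) {
        if ($owners[$v].Count -gt 1) {
            [pscustomobject]@{ Value = $v; Accounts = $owners[$v] -join ', ' }
        }
    })

    [pscustomobject]@{
        Attribute    = $Attribute
        NoValue      = $empty
        SharedValues = $shared
    }
}

# Constructed sample data standing in for directory objects.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mobile = '555-0101'; otherMobile = @('555-0111', '555-0199') }
    [pscustomobject]@{ SamAccountName = 'bob';   mobile = $null;      otherMobile = @('555-0199') }
    [pscustomobject]@{ SamAccountName = 'carol'; mobile = '  ';       otherMobile = @() }
)

Get-AdQuestionReadiness -User $sample -Attribute mobile
Get-AdQuestionReadiness -User $sample -Attribute otherMobile
```

With the sample data, mobile has no value for bob and carol, and the otherMobile value 555-0199 is held by both alice and bob.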

Copyright © 2011, ZOHO Corp. All Rights Reserved.
ManageEngine