Gone are the days  when users worked on a single IT system.  Users today have mastered the art of working with different IT platforms, thanks to the proliferation of apps across  platforms and the urgent need to adapt to technological advancements. Organizations today implement new solutions and apps targeted to solve everyday problems. Consequently, a user has to remember Yet Another Username and Password. Even the best of us  forget  our passwords  and  end up using weak passwords that put the organization’s security at risk. One  solution to this problem is SSO, but implementing it and ensuring continuous availability is  a  tough challenge that most people tend to avoid.

Adopting a pragmatic approach to solve  this issue, ADSelfService Plus offers you an automatic and efficient password synchronizer. The password synchronizer feature from ADSelfService Plus enables you to implement a secure single password policy across the enterprise and still enjoy all the benefits that an SSO arrangement offers, but without the hassles.

The automatic password change detector and synchronizer

So, how does ADSelfService Plus accomplish this challenging task with consummate ease?

ADSelfService Plus employs a real-time password sync agent that automatically detects password changes in Windows accounts and synchronizes them with all associated IT systems and applications. The  agent functions as a background service on a Primary Domain Controller (PDC) and scans for password modifications in Active Directory.password-sync-agent-architecture

Immediately after detecting a password modification, the agent encrypts the new password and pushes it out to ADSelfService Plus securely via HTTPS for synchronization with the user’s associated IT systems and applications. It takes less than 30 seconds for the password to be synchronized across all systems and applications.

Making “single password policy” workable and secure

Some IT admins are wary of implementing a single password policy for all IT systems because of  the “man-in-the-middle attacks.”  ADSelfService Plus will definitely put such doubts to rest because it offers better security and prevents man-in-the-middle attacks. In man-in-the-middle attacks, the hacker intercepts the traffic between the server and the client. ADSelfService Plus encrypts  all the traffic between the source and the destination and sends it via HTTPS for synchronization. This effectively rids man-in-the-middle attacks. Moreover, ADSelfService Plus uses Advanced Encryption Standard (AES) to encrypt the data and prevents hackers from snooping passwords in transit.

The password is decrypted in ADSelfService Plus and sent to APIs of all IT systems and applications that the user is connected to. From the API, the changed password is sent to the servers of the corresponding IT systems and applications via HTTPS. And yes, all this happens in real time. The password is changed in all other connected systems as soon as it is changed in the domain controllers!

Deploying the password synchronizer from ADSelfService Plus is simple and empowers  administrators to implement a strong and secure single-password policy with ease.

Password strength analyzer and enforcer

Users must have strong passwords, regardless of whether an SSO system or a single-password policy has been deployed. ADSelfService Plus has a provision for this, using which administrators can regulate the strength of the passwords. The password strength analyzer and strength enforcer are two features from ADSelfService Plus that prohibit users from setting weak passwords and force them to set stronger passwords. The password strength analyzer shows the users how strong the password they set is while the strength enforcer allows only passwords that are strong to be set.

So, what are you waiting for? Deploy ManageEngine’s ADSelfService Plus and bid adieu to the YAUP syndrome!

We, at ADSelfService Plus, are committed to helping you solve your password management problems. Stay tuned as we bring you simple solutions to your password management problems.