Password self-service solution is a godsend for businesses reeling under the huge volume of password reset and account unlock calls to the service desk. Empowering end users to solve their password problems can reduce help desk workload and the costs associated. However, some businesses are reluctant to employ password self-service for fear of losing control over the IT change management process. Though their apprehension about security can be dispelled by providing strong security measures, some organizations have policies that prevent end users from directly resetting their Active Directory passwords.
Approval Workflow for Self-Service Actions
What if you can give users the power to reset their passwords while a help desk technician or admin reviews and approves the action? That is exactly what you can do with the Approval Workflow feature in ADSelfService Plus. All you have to do is choose a workflow provider such as ManageEngine ADManager Plus and integrate it with ADSelfService Plus. After the integration, help desk technicians will be able to review the self service actions by verifying end user identity and approve the actions. To verify user identity, you can set up a set of Active Directory attribute-based security questions.
How It Works
Here’s how the approval workflow model works:
-
A user requests password reset by using ADSelfService Plus.
-
The user will be asked a set of predefined Active Directory attributes-based security questions, such as What is the last five digits of your social security number?
-
The user answers all the questions and submits the request, which will be forwarded to ADManager Plus – the workflow provider.
-
In ADManager Plus, a help desk technician reviews and approves or rejects the request by comparing the answers provided by the user against the actual values in Active Directory.
-
After approval, ADSelfService Plus sends a secure password reset link via email to the user, using which the user can reset the password.
-
All activities in the workflow process including who reviewed and approved a self-service action are captured in reports for auditing purposes.
Benefits
Security and Consistency: Help desk technicians have full control over users’ self-service actions. It ensures that Active Directory is never compromised because of an end-user’s self-service action.
Reduce Costs: A call to the help desk for password reset may take at least 15 minutes to get resolved. With approval workflow for password self-service, there is no need for end users to call the help desk for assistance with their password problems. Everything can be done with simple mouse clicks from a web-based console.
Help desk assisted self service gives you the best of both worlds. No longer do you have to worry about the effect of end users’ self-service actions in your IT system. More importantly, your help desk doesn’t have to bear the brunt of dealing with password-related service calls. So, what are you waiting for? Go ahead and give ADSelfService Plus a try. The full version is completely free for up to 50 users. Download ADSelfService Plus.
I saw how work flow approval works but my question is, if someone ask me how ManageEngine ad selfservice plus is safe , is there any information about that? How it works with AD? How AD selfservice plus and AD communicate with each other?