In a previous blog, we saw how two-factor authentication (2FA) secures access to cloud apps in hybrid AD. 2FA adds an extra level of security for applications, including Office 365, G Suite, and Salesforce, to protect sensitive information. With ADSelfService Plus, you can take things a step further; through the tool, you can have a different 2FA option for each app, and even per user, based on the granular policies defined for AD OUs and groups.
Neither Azure AD nor on-premises AD provide the flexibility and complexity to apply different rules for different users, and define how users authenticate themselves with a second factor. Besides, there’s no option for enforcing policy-based access control.
ADSelfService Plus allows organizations to define multiple granular policies within a single dom
ain across applications, streamlining user access. It helps enforce different policies for users with different privileges, such as IT admins, finance staff, managers, and non-IT staff, as well as policies specific to OUs or groups, as seen in Figure 1. This allows for granular control without the need to restructure AD.
Figure 1. Enforcing 2FA for SSO access to cloud apps based on OUs or groups.
Summary
ADSelfService Plus enforces 2FA at a granular level, giving administrators the ability to configure 2FA for various cloud apps based on OU or group membership. While it lets admins control and customize the methods users can employ to authenticate role-based applications, there’s no need to restructure AD to allow for 2FA in an existing hybrid environment.
