ManageEngine ADSelfService Plus Adds Two-Factor Authentication Support for Windows Logons

Helps Organizations Add an Extra Layer of Security to Windows Machines and Comply with IT Regulations

  • Enable two-factor authentication for both local and remote desktop logons.
  • Granularly enforce TFA based on OUs and groups.
  • Download a free, 30-day trial of ADSelfService Plus at

PLEASANTON, Calif. - July 10, 2018 - ManageEngine, the real-time IT management company, today announced that it is rolling out two-factor authentication (TFA) support for Windows logons in ADSelfService Plus, its integrated Active Directory self-service password management and single sign-on solution. With this support, ADSelfService Plus enables organizations to add an extra layer of protection for critical resources that are accessed by users through Windows-based machines. ADSelfService Plus seamlessly integrates with Windows client (Vista and above) and server (2008 and above) operating systems to provide users a simple and secure logon experience across both local and remote desktop logons.

Most organizations enforce complex passwords as a common defense against cyberattacks. However, complex passwords are hard to remember, so many employees resort to insecure practices like writing passwords down or storing them in plaintext. Even if an organization properly implements complex passwords, it may still not be enough to stay ahead of the evolution of password cracking programs. According to a recent Forrester report[1], almost one third of security breaches are caused by stolen passwords. Knowing the risks associated with passwords, IT compliance laws such as PCI DSS have explicitly prohibited the use of passwords as the only authentication mechanism.

Mitigating Poor Password Behavior with TFA

TFA ensures that users are authenticated twice - once through a password and again through a fingerprint or an OTP sent to a smartphone - before being granted access to valuable corporate resources.

"With better security mechanisms like TFA available, there's no reason for organizations to verify users' identities using passwords alone. TFA creates a two-layered mechanism that is almost impossible for an attacker to bypass," said Parthiban Paramasivam, product manager at ManageEngine. "Now that we've broken ground on TFA for Windows logons, we're also working on adding contextual authentication that factors in a user's geolocation, IP address, local time, and device, all to further enhance IT security."

Highlights of ADSelfService Plus TFA for Windows Logons

ADSelfService Plus comes with a built-in logon agent for Windows, which forces users to undergo TFA during both local and remote desktop logons. Users have to first enter their Active Directory domain password and then authenticate themselves using one of the supported second factors.

  • Supports multiple authentication mechanisms: Supports email and SMS-based passcodes, Duo Security, RSA SecurID, and RADIUS as the second factor of authentication.
  • Enables granularly enforced TFA: Enforces TFA for all users across an organization or only for select individuals - such as those who have elevated privileges and are at higher risk of security attacks - through OU and group-based policies.
  • Helps organizations comply with PCI DSS and the GDPR: Supports compliance with the latest version of PCI DSS (3.2), which makes TFA mandatory. The European Union Agency for Network and Information Security (ENISA) recommends implementing TFA as a technical measure to comply with the GDPR.

Pricing and Availability

Pricing for ADSelfService Plus with TFA for Windows starts at $1,195. A fully functional, 30-day trial version is also available for download at

ADSelfService Plus is free for up to 50 users. The Free edition supports all the features of the Professional edition, including Windows TFA, single sign-on, and password self-service, and can be downloaded at

About ADSelfService Plus

ADSelfService Plus is an integrated Active Directory self-service password management and single sign-on solution. It offers password self-service, password expiration reminders, a self-service directory updater, a multiplatform password synchronizer, and single sign-on for cloud applications. Use the ADSelfService Plus Android and iPhone mobile apps to facilitate self-service for end users anywhere at any time. ADSelfService Plus supports the IT help desk by reducing password reset tickets and spares end users the frustration caused by computer downtime. For more information, please visit

About ManageEngine

ManageEngine is bringing IT together for IT teams that need to deliver real-time services and support. Worldwide, established and emerging enterprises - including more than 60 percent of the Fortune 500 - rely on our real-time IT management tools to ensure tight business-IT alignment and optimal performance of their IT infrastructure, including networks, servers, applications, desktops and more. ManageEngine is a division of Zoho Corporation with offices worldwide, including the Netherlands, United States, India, Singapore, Japan and China. For more information, please visit; follow the company blog at and on LinkedIn at, Facebook at and Twitter @ManageEngine.

Media Contact:

Avinash Kagava
Follow us on Twitter: @manageengine

[1] Best Practices: Selecting, Deploying, And Managing Enterprise Password Managers; Forrester Research, Inc.; By Merritt Maxim, Andras Cser with Stephanie Balaouras, Salvatore Schiano, Madeline Cyr, Peggy Dostie; January 8, 2018