ManageEngine, the enterprise IT management division of Zoho Corporation, announced that ADSelfService Plus, its integrated Active Directory (AD) self-service password management and single sign-on solution, now supports two-factor authentication (2FA) for macOS systems. With this feature, organizations can secure their macOS endpoints with an additional layer of authentication.
Passwords are the first, and for many organizations, the only line of defense protecting sensitive and privileged resources from unauthorized access. However, users often create and reuse weak passwords across critical enterprise accounts, making these accounts easy targets for cyber criminals.
Enabling 2FA protects network resources against unauthorized access by double checking user identities, requiring both a traditional username/password combination and a second authentication factor, such as a one-time password (OTP), sent via email or SMS.
“Though two-factor authentication is widely accepted as a method to ensure user logon security, macOS does not provide a way to enable this feature for the domain computers,” says Parthiban Paramasivam, director of product management, ADSelfService Plus.
“The latest version of ADSelfService Plus helps IT teams secure user logons by offering two-factor authentication for macOS systems.”
ADSelfService Plus’ 2FA for macOS Logons
With 2FA enabled, users have to successfully authenticate themselves twice to access their macOS machines. Users are authenticated first through their Active Directory domain credentials, and next through one of the supported authentication techniques.
ADSelfService Plus supports SMS or email-based OTPs, DUO Security (via phone call or push notifications), RSA SecurID, RADIUS, security questions and answers, Google Authenticator, fingerprint authentication, QR-code based authentication and time-based one-time passwords (TOTPs) as second factors of authentication for macOS logons.
Other highlights of ADSelfService Plus’ 2FA for macOS logons include:
- 2FA at the granular level: ADSelfService Plus offers the ability to configure 2FA based on domain, OU or group memberships. This allows admins to enforce second factors of authentication based on users’ privileges.
- Compliance with regulatory mandates: ADSelfService Plus’ macOS 2FA helps organizations meet compliance mandates of NIST SP 800-63B, NYCRR, FFIEC, GDPR and HIPPA.