Technicians
Technicians are end users with specific privileges that allow them to carry out product administrative tasks. ADSelfService Plus' technicians are of two types:
- Super Admin: Has full control over the entire application by default.
- Operator: Can audit the operations taking place in the application.
Based on the method of authentication, technicians are classified into:
- Domain technicians: These are technicians who have an account in AD. Domain technicians have control only over the domain to which they belong.
- Product technicians: These technicians have an account only in ADSelfService Plus and use their product account credentials for authentication. Product technicians have control over all the domains configured in ADSelfService Plus.
Note:
You can configure MFA and Password Policy settings for product technicians under the Advanced section in the Technicians tab. To configure MFA and Password Policy settings for domain technicians, navigate to Self-Service → Configuration → Multi-factor Authentication and Self-Service → Configuration → Password Policy Enforcer respectively.
How to assign permissions to Technician roles
- Go to Configuration > Administrative Tools > Technician.
- Select Role Settings.
- Select the required role from the drop-down.
- You can now choose to assign or remove the displayed permissions.
How to create a Technician
- Go to Configuration > Administrative Tools > Technician.
- Click the Add new Technician button.
- Select the Authentication Type, Domain, Users/Groups, and the Role from the respective drop-downs.
Important:
When AD Authentication is selected, the created Technician can use their Windows logon credentials to log in to ADSelfService Plus.
- If you select Product Authentication in the Authentication Type field, you will be required to enter the login credentials of that Technician.
- Click Add.
Important:
When Product Authentication is selected, this only creates an account in ADSelfService Plus. The technician will not have an AD account and needs to use the credentials that you configure.
Advanced Settings
The Advanced option allows you to configure login MFA and Password Policy settings for technicians who use product authentication.
Login MFA
- Go to Configuration > Administrative Tools > Technician.
- Click Advanced in the bottom-right corner and click the Login MFA tab.
- Enable MFA during login for technicians who use product authentication: Enabling this option prompts technicians who use product authentication to verify with the configured MFA authenticators during login, for additional security.
- Choose the number of authenticators to be prompted for technicians during login from the drop-down field.
- Select the authenticators required: Choose the authenticators you wish to apply to the technician from the drop-down field.
Click Advanced to open up more options to customize settings for technicians.
- Idle time limit for login MFA process: Specify the idle time limit for the login MFA process. If the technician does not complete the verification process before the specified time lapses, the technician will have to go through the MFA verification process again.
- Trust this browser option expires after _: When this option is enabled, users will not be asked to go through MFA for the specified length of time when they log in to ADSelfService Plus using trusted browsers. The duration of the trust period can be specified in days, hours, or minutes.
- Keep the 'Trust this browser' option selected by default: When this option is enabled, the Trust this browser check box will be selected by default on the MFA verification screen.
- Enable MFA Backup Verification Codes: Click this option to let admins generate backup codes for technician accounts via the Enrolled Users Report. Admins can choose to display the MFA Backup Code column in the Enrolled Users Report and generate backup codes from the report.
Password Policy
- Go to Configuration > Administrative Tools > Technician.
- Click Advanced in the bottom-right corner.
- Characters: Specify how many special characters, numbers, and Unicode characters should be used in a password.
- Repetition: Limit the use of
  - characters consecutively (e.g., "aaaa")
  - consecutive characters from the username and old password (e.g., "user01")
- Pattern: Restrict technicians from using palindromes, dictionary words and other custom patterns in their passwords.
- Length: Specify the maximum and minimum password length.
- Enable Password Strength Analyzer: Enabling this setting will provide a visual representation of the strength of the password, thus ensuring technicians create strong, complex passwords.
- You can configure settings to override all complexity rules if the password meets a predefined password length and also specify the number of complexity rules a password must satisfy.
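
The following added example (not ADSelfService Plus code) models how the Password Policy settings above can interact, so an admin can see what the length override and the "number of rules to satisfy" setting let through. The rule names, thresholds, word list and evaluation order are assumptions made for illustration; the product's own evaluation may differ.

```python
import re
from dataclasses import dataclass

@dataclass
class Policy:  # every value here is constructed for this illustration
    min_len: int = 10
    max_len: int = 64
    min_special: int = 1
    min_digits: int = 1
    max_repeat: int = 3        # longest allowed run of one character
    max_shared_run: int = 4    # longest run allowed from username / old password
    dictionary: tuple = ("password", "welcome", "admin")
    rules_required: int = 6    # how many of the 7 complexity rules must pass
    override_len: int = 20     # at or above this length, complexity is not enforced

def shares_run(pw, other, n):
    """True if pw contains more than n consecutive characters taken from other."""
    pw, other = pw.lower(), other.lower()
    return any(other[i:i + n + 1] in pw for i in range(len(other) - n))

def evaluate(pw, username, old_pw, p=Policy()):
    """Return (accepted, names_of_failed_rules)."""
    if not p.min_len <= len(pw) <= p.max_len:
        return False, ["length"]          # length limits are always enforced
    low = pw.lower()
    checks = {
        "special": sum(not c.isalnum() for c in pw) >= p.min_special,
        "digits": sum(c.isdigit() for c in pw) >= p.min_digits,
        "repetition": not re.search(r"(.)\1{%d}" % p.max_repeat, pw),
        "username": not shares_run(pw, username, p.max_shared_run),
        "old_password": not shares_run(pw, old_pw, p.max_shared_run),
        "palindrome": low != low[::-1],
        "dictionary": not any(word in low for word in p.dictionary),
    }
    failed = [name for name, ok in checks.items() if not ok]
    if len(pw) >= p.override_len:
        return True, failed               # override: accepted despite failed rules
    return len(checks) - len(failed) >= p.rules_required, failed

if __name__ == "__main__":
    # Constructed sample inputs (username, old password and candidates are made up).
    for candidate in ("Tr1cky!Horse", "aaaa1!user01x", "passwordpasswordpassword"):
        print(candidate, evaluate(candidate, "user01", "Zebra#99"))
```

In this model a repeated dictionary word is accepted once it reaches the override length, and lowering `rules_required` admits passwords that reuse the username, so both settings are worth reviewing together with the individual rules.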