Knowledge Base

Email notifications sent from the Specops Authentication platform (uReset, Secure Service Desk, Key Recovery) must be sent from an email address in the customer domain or if you use your own SMTP settings, you are only limited by what addresses your SMTP server can send to. Custom SMTP settings – use your own email provider...

By default, when a user is enrolled in the mobile code (SMS) identity service, the mobile number entered by the user is stored in the mobile attribute on the user’s account in AD.  In some organizations this may not be ideal, as the phone number becomes visible to users in the other applications (e.g. Exchange/Office...

When configuring third party identity services (e.g. Duo, Okta, Verify, PingID, Symantec VIP) you may encounter an error after saving the configuration in the Identity Services section of the Specops Authentication Admin Web That shouldn’t happenSomething went wrong, an unexpected error occurred on your organization’s server. If you check the Specops event log under Applications...

Specops Authentication services (uReset, Secure Service Desk, Key Recovery) run on public cloud infrastructure and by default are accessible from anywhere on the internet. We offer several features that can enable admins to restrict access to certain features of the application in order to minimize the attack surface for brute force or passwords spray attacks...

When you see this message, you can check a few things within your environment to ensure your gatekeeper is operating properly. Go to the Specops Authentication Gatekeeper and check your Gatekeeper tab to see the overall connectivity. This article will go over several common scenarios in which this may happen The service is stopped If...

In certain environments, external users or contractors may be configured with a non-corporate email address in the ‘mail’ attribute (for example, a company email for the contractor organization or a personal/private email address). These users cannot use the Email Identity Service in Specops Authentication (uReset, Secure Service Desk Quick verification) as the Email Identity Service...

Enrollment data in AD is locked down with a default permission set that should be sufficient for all Specops Authentication products to function. Use the instructions provided here only on guidance from Specops Support staff. The following PowerShell commands can be used to grant a group full access to all SpecopsAuthentication leaf objects in Active...

Note: This does not require a license for secure service desk to use this feature. The ability to look up enrollment info and user details is necessary for troubleshooting issues within the Specops Authentication platform. Ensure you are a member of the “Specops Service Desk Agents” security group, which can be done from Active Directory...

In order to use Kerberos in Specops Authentication, you will need to uninstall the Specops Authentication Gatekeeper and the Specops Authentication Gatekeeper Administration applications and then install a new instance of each gatekeeper in your environment and use a Group Managed Service Account (gMSA). This is recommended as Microsoft will start phasing out NTLM. It...

After upgrading, you may notice this message pop up: This can happen for several reasons. Stale gatekeeper that no longer exists In this instance you will go to active directory with and enable these 2 options: Then navigate here and delete the server name of the stale gatekeeper under the gatekeepers container: The Specops Authentication...