Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Specops Authentication

Enrolling Admin Accounts and Troubleshooting AD Permissions Issues Affecting Enrollment

When a user is enrolling in uReset or Specops Authentication, they might receive one of the following error messages: Your organization’s server is not configured properly to access your account Unable to write enrollment data due to your account being a member of an elevated group. When this happens, this indicates the Specops Authentication Gatekeeper...

Enabling Email Notifications from Specops Authentication

Email notifications sent from the Specops Authentication platform (uReset, Secure Service Desk, Key Recovery) must be sent from an email address in the customer domain or if you use your own SMTP settings, you are only limited by what addresses your SMTP server can send to. Custom SMTP settings – use your own email provider...

Unable to Delete Users with Leaf Objects

Specops Password Policy, Password Reset, and uReset/Specops Authentication all use leaf objects under user accounts for the purposes of storing user specific information — for Password Policy this includes password history and length-based password age information; for Password Reset and uReset/Specops Authentication the leaf object contains user enrollment data. The advantage of using a leaf...

Moving Specops Authentication Mobile Numbers to a Custom Attribute

By default, when a user is enrolled in the mobile code (SMS) identity service, the mobile number entered by the user is stored in the mobile attribute on the user’s account in AD.  In some organizations this may not be ideal, as the phone number becomes visible to users in the other applications (e.g. Exchange/Office...

Error Saving Identity Service Configuration

When configuring third party identity services (e.g. Duo, Okta, Verify, PingID, Symantec VIP) you may encounter an error after saving the configuration in the Identity Services section of the Specops Authentication Admin Web That shouldn’t happenSomething went wrong, an unexpected error occurred on your organization’s server. If you check the Specops event log under Applications...

Enabling uReset Password Reset for Active Directory Admin Accounts

The Specops Authentication Gatekeeper Server responsible for writing enrollment information and resetting passwords in AD runs as a low-privilege service account. By default it will not have reset passwords for admin accounts in Active Directory protected by adminSDHolder. For issues with during enrollment see the following knowledge base article: https://specopssoft.com/knowledge-base/specops-ureset-8/enrolling-admin-accounts-troubleshooting-ad-permissions-issues-affecting-enrollment/ If you have already completed...

Specops Authentication Configuration Hardening Guide

Specops Authentication services (uReset, Secure Service Desk, Key Recovery) run on public cloud infrastructure and by default are accessible from anywhere on the internet. We offer several features that can enable admins to restrict access to certain features of the application in order to minimize the attack surface for brute force or passwords spray attacks...

It looks like the connection to your organization’s server is down.

When you see this message, you can check a few things within your environment to ensure your gatekeeper is operating properly. Go to the Specops Authentication Gatekeeper and check your Gatekeeper tab to see the overall connectivity. This article will go over several common scenarios in which this may happen The service is stopped If...

Enroll Users with Non-Corporate Email Addresses in Personal Email

In certain environments, external users or contractors may be configured with a non-corporate email address in the ‘mail’ attribute (for example, a company email for the contractor organization or a personal/private email address). These users cannot use the Email Identity Service in Specops Authentication (uReset, Secure Service Desk Quick verification) as the Email Identity Service...

Force Un-enrolling a User

*Please note doing this will not remove any auto enrolled methods such as email or mobile code. This can be done by deleting the leaf object under the user in Active Directory. You can do this by ensuring the following settings are enabled: After the settings are enabled, locate the user you would like to...
Next Page »