Reference Material | Administrator Enrollment

Specops Authentication for uReset allows administrators to enroll users to the system, without requiring users to go through the enrollment process. This can be achieved with any identity service that has identifier information stored in Active Directory.

  • Before using this guide, you need:
  • Basic knowledge of PowerShell
  • PowerShell 4.0 or later
  • Specops Authentication for uReset configured with an active Gatekeeper
  • Specops Authentication for uReset admin group membership
  • The Specops Authentication for uReset PowerShell module – installed with the administration tools (C:\Windows\system32\WindowsPowerShell\v1.0\Modules\uReset.Gatekeeper)

The cmdlets can be used by administrators when managing users, or enrolling them in batches in Specops Authentication for uReset.

To import the module, run the following command in PowerShell on your Gatekeeper server:

import-module specops.authentication.gatekeeper


Takes the parameters Username, IdentityServiceId, and EnrollmentProof. Can be used to enroll with all identity services except: Secret Questions, Duo Security, Specops Fingerprint, Authenticators, Manager Identification, Symantec VIP, Facebook, LinkedIn, and Windows Identity.
Use the Get-SpecopsAuthenticationIdentityServices cmdlet to find the IdentityServiceId of your Identity Service.

Usage example:

Add-SpecopsAuthenticationIdentityServiceEnrollment -Username mySamAccountName -IdentityServiceId Tumblr -EnrollmentProof MyTumblrAccount


Takes the parameters Username, Answers and Language. Language is an optional 2-digit language code. Answers takes an array of questions and answers.

Usage example:

$questionsAndAnswers = @{"Question"="Who are you?"; "Answer"="No one"},@{"Question"="Why are you here?"; "Answer"="I am not"}
 Add-SpecopsAuthenticationQuestionsEnrollment –Username mySamAccountName –Answers $questionsAndAnswers


Lists the identity services that a user is enrolled with.

Usage example:

Get-SpecopsAuthenticationEnrollment -Username mySamAccountName


Lists all identity services available in your Specops Authentication subscription.

Usage example:



Removes all enrolled identity services from a user, except automatically enrolled ones, like Windows Identity, Duo Security, Manager Identification or Symantec VIP.

Usage example:

Remove-SpecopsAuthenticationEnrollment -Username mySamAccountName


Removes an identity service enrollment from a user.

Usage example:

Remove-SpecopsAuthenticationIdentityServiceEnrollment -Username mySamAccountName -IdentityServiceId Fingerprint