End-user

Specops Secure Service Desk end-users have to be pre-enrolled with the identity services required for identification. In most cases this means that certain attributes in Active Directory need to have been defined before a user can identify with the identity service in question. Please refer to the Pre-enrollment section below to see what the pre-enrollment requirements are for the most common identity services.

Note that customers using Specops uReset can use existing multi-factor authentication enrollments defined in their uReset policies. These can include identity services other than the ones listed below.

Pre-enrollment

The list below includes the most common identity services used with Specops Secure Service Desk and their pre-enrollment criteria. More information on identity services can be found in the Reference Material section.

  • Email
    Pre-enrollment requirements: the user’s email address must be defined in the email attribute in Active Directory, or in another attribute if that attribute has been defined in the settings for Email in Authentication Web. For more information, see here (Identity Services section).
  • Mobile Code
    Pre-enrollment requirements: the user’s mobile phone number must be defined in the mobile attribute in Active Directory, or in another attribute if that attribute has been defined in the settings for Mobile Code in Authentication Web. For more information, see here.
  • Manager Identification
    Pre-enrollment requirements: the user account must have a manager assigned to them in Active Directory, and that manager must have an email address/mobile phone number associated with their account in Active Directory, to be able to receive authentication requests from users. For more information, see here.
  • Okta Verify
    Pre-enrollment requirements: the user’s UPN must be mapped to the Okta user profile attributes. For a full description on how to do that, see here.
  • DUO Security
    Pre-enrollment requirements: the user must be enrolled with DUO, and DUP must be linked to Specops Authentication. For more information, see here.
  • Symantec VIP
    Pre-enrollment requirements: Symantec VIP must be linked to Specops Authentication. For information on how to do that, see here.
  • Mobile Bank ID
    Pre-enrollment requirements: the user’s social security number must be defined in Active Directory.
  • EFOS/SITHs
    Pre-enrollment requirements: the user’s HSA ID has to be defined in Active Directory, and in the settings for EFOS/SITHs, the name of the attribute in Active Directory where that ID is stored has to be defined. For more information, see here.