ManageEngine Introduces Two-Factor Authentication Support for macOS Logons

ADSelfService Plus Secures Network Resources, Requires Mac Users to Prove Their Identities.


  • Compliance: Complies with NIST SP 800-63B, NYCRR, FFIEC, GDPR and HIPPA regulations
  • Flexibility: Uses OU and group-based policies to enforce 2FA to specific users or all users
  • Stringent second factors: Uses advanced authentication techniques including fingerprints, Google Authenticator and DUO Security

Passwords are the first, and for many organizations, the only line of defense protecting sensitive and privileged resources from unauthorized access. However, users often create and reuse weak passwords across critical enterprise accounts, making these accounts easy targets for cyber criminals. Enabling 2FA protects network resources against unauthorized access by double checking user identities, requiring both a traditional username/password combination and a second authentication factor, such as a one-time password (OTP), sent via email or SMS.


With 2FA enabled, users have to successfully authenticate themselves twice to access their macOS machines. Users are authenticated first through their Active Directory domain credentials, and next through one of the supported authentication techniques.

ADSelfService Plus supports SMS or email-based OTPs, DUO Security (via phone call or push notifications), RSA SecurID, RADIUS, security questions and answers, Google Authenticator, fingerprint authentication, QR-code based authentication and time-based one-time passwords (TOTPs) as second factors of authentication for macOS logons.