What is our primary use case?
The biggest use case is that we needed something to support our password-change policy on mobile devices. It is easy and straightforward for our in-house employees to change their login credentials but it is different for our mobile users. This is in part because some of our mobile users never come back into the office.
The specific challenge that we needed to solve was first providing the ability for mobile users to change passwords on their laptops, but in addition, have those credentials cached so that they could then use them remotely.
How has it helped my organization?
This solution has improved our security because our users can now change passwords on the fly.
What is most valuable?
The most valuable feature is the ability for remote users to change their login credentials using their mobile devices when out of the office. Users are required to change their passwords periodically. Through the use of ADSelfService Gina service, they can change their password through Active Directory while outside their office and have the locally cached password on their laptop/desktop change at the same time. This keeps their AD and local passwords in sync.
What needs improvement?
The setup process needs to be improved and made easier for the remote component because it is extremely difficult. Getting the VPN to work, based on the end user's configuration, took a very long time. It took weeks to get it properly set up to work successfully.
The worst part is that the solution can only be installed or updated on a device if it is physically connected to the local network. I can't even use their software, Desktop Central, to deploy it to a remote device. Consequently, I had to call in 150 people to physically bring in their laptops and install this on their machine.
Similarly, when a new version is released, I can't update it without getting these devices back in-house again. This is not only for cases where updates are those that the vendor releases but also with any changes that we make to the configuration. For example, if we made a change in the policy that modified it from 180 days to 190 days, they would not get that policy update until they physically connected to our network. They need to be plugged in and have a local subnet address in order for the change to be pushed.
With respect to maintaining security, I feel that it would be better to push software or updates out to a remote device, so that they are fully up to date at all times, rather than having to wait for people to visit the office and use outdated software in the interim. It can take perhaps four months to get somebody back into the office, which is a long time to use an outdated security product.
The main point of this solution was to have our remote users change their password within the timeframe that we specify in the security policy. So, it makes little sense that you can't install the software or push updates out to remote users.
For how long have I used the solution?
We have been using ManageEngine ADSelfService Plus for about a year and a half.
What do I think about the stability of the solution?
The stability is great. We have had no issues and it works flawlessly for the most part.
What do I think about the scalability of the solution?
Scalability-wise, I don't think that there are going to be any issues with it. We keep hiring and pushing it out to more and more people. We'll never hit the 10,000 user mark so we don't know about that kind of scale but for our 500 or so users, it has not been an issue.
How are customer service and technical support?
The technical support is hit-or-miss. Sometimes you get somebody who really knows what they are doing and can solve your problem in five minutes. At other times, you get somebody and you can't even understand what they are saying. In cases like this, it takes two or three weeks to resolve the problem.
It is like this with most support systems, so it is not really a surprise.
I have resigned myself to using the chat feature for support. It takes a little bit longer but I can typically get a better answer and a more comprehensive response because I don't have to ask people to repeat themselves. It has worked out better for me, regardless of the increase in the time it takes. Overall, I have had more resolved using chat than with phone calls.
Which solution did I use previously and why did I switch?
We did not use another solution prior to ADSelfService Plus. It was part of our change in security posture over the past couple of years. Our struggle was finding a product that could do what we needed to do at our price point.
How was the initial setup?
My understanding is that the initial setup and working with the configuration is not terribly difficult. It is fairly simple and fairly straightforward. The difficulty was having the software open a VPN through the SonicWALL firewall to create a NetExtender session, then allow the password to be changed on our system and finally cached on the laptop. It is an awesome feature to have but very difficult to set up.
The basic deployment to have the system work internally was easy and quick to do. It was an out-of-the-box solution. On the other hand, getting all of the remote users configured properly took us weeks to do.
What's my experience with pricing, setup cost, and licensing?
Using this solution costs us about $1,200 USD per year. It is hard to beat $100 USD per month. There are no costs in addition to the standard licensing fees.
What other advice do I have?
In order to better handle the pushing of updates to our more distant remote employees, I undertook a plan that is not supported by the vendor. I was able to set up a specific VPN connection to my cloud server for each of my remote offices, and then have the employees appear at one of those physical locations in person. Originally, they had to come back to this specific office and use our internal network.
Overall, this product is good if you have the patience to deal with the setup. My advice to anybody who is considering this solution is to first look at the whitepaper and ensure that what you are using for a VPN is compatible with the product. We were lucky in that they support the NetExtender VPN client that comes with SonicWALL. If you don't verify this then you might be disappointed to learn that the software works but it cannot be integrated with your firewall. Essentially, do your due diligence.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?