Two-Factor Authentication for your Active Directory users

Two-Factor Authentication with SecSign ID

Use two-factor authentication for all your users without having to synch your data. The only way to really protect your company infrastructure.


Find out why our Two-Factor Authentication is the best, some key-facts for developers and why you should upgrade to SecSign for your business.

Learn more about the options of on-premise use and your own customized ID App in your corporate design.

Download the plugin as cloud version for a free and convenient protection.


Questions? Feel free to get in touch with us if you need help setting up your SecSign ID plugin or to request a plugin for a not yet supported environment.

Generate SecSign ID user names in the Active Directory

ACTIVE DIRECTORY SCHEMA EXTENSION FOR SECSIGNID

The Active Directory can be edited using mmc.exe which is part of Windows Server 2012. The Snap-in „Active Directory Schema“ is initially not available in mmc.exe, but can be added by running regsvr32 schmmgmt.dll in a console with administrator rights:

Then, mmc.exe should be started. The search function integrated into Windows Server 2012 will find it. The entry Add/Remove Snap-in in the File menu of mmc.exe opens a dialog containing the entry Active Directory Schema. This entry should be selected and added to the Console Root on the right, followed by a click on OK:

Selecting the Attributes node and choosing Create Attribute… from its context menu will display the following dialog.

Here, a „SecSign ID“ attribute has to be created with:

  • Common Name: SecSign ID
  • LDAP Display Name: secSignID
  • Unique X500 Object ID: 1.3.6.1.4.1.15027.4.1
  • Description: SecSign ID user name
  • Syntax: Unicode String
  • Minimum: 4

Then, the Properties entry in the context menu of the user entry below the Classes node will display this dialog.

The optional attribute secSignID created in the step before has to be added here.
Now the Active Directory schema is ready and the Windows administrator may add the actual SecSign ID user name to each user. The following Power Shell command assigns the SecSign ID user name paulsmith to the Windows user paul:

To query the user’s SecSign ID:

To delete the SecSign ID:

In larger installations there may be tool allowing the users to edit this value in the Active Directory themselves.


Need help?

Looking for detailed manuals to cover all the features and functionality of SecSign ID and SecSign Portal? Check out the Technical Whitepaper to access complete instructions on how to get the most out of your SecSign products.

Do NOT follow this link or you will be banned from the site!