0 votes

Hi,

Somehow I cannot enroll users anymore since the upgrade, I get this message:

"You cannot enroll for Password Self-Service because the policy effective for your account requires SMS verification, but you don't have the permissions necessary to update your mobile number."


The policy is set for mobile phone number verification (no security questions), the phone number is written to a custom property. The user self service security role has write permissions to this property...


Also, I disenrolled from the web interface, but the user still shows as enrolled in the adaxes console. If I click disenroll I get this message:


Anyone got any idea of what is going wrong?

by (110 points)
0

Hello,

The policy is set for mobile phone number verification (no security questions), the phone number is written to a custom property. The user self service security role has write permissions to this property...

Could you post here or send us (support[at]adaxes.com) a screenshot of your SMS Settings? To take the screenshot:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click the service node and then click Properties in the context menu.
  3. Activate the SMS Settings tab.
  4. Take a screenshot. We need something like the following:

Also, I disenrolled from the web interface, but the user still shows as enrolled in the adaxes console. If I click disenroll I get this message:

Thank you for reporting the issue. It occurs because there is actually no possibility to disenroll a user from a Password Self-Service Policy that has the Security Questions & Answers option disabled. We will fix the issue in one of the future releases.

0

Here's the screenshot for the SMS settings:

1 Answer

0 votes
by (284k points)
selected by
Best answer

Hello,

It looks like you are using one of Adaxes custom attributes (e.g. CustomAttributeText1) to store mobile numbers for SMS notifications. By default, users do not have permissions to modify custom attributes of their own accounts which actually causes the issue. For information on how to grant the permissions, have a look at the following tutorial: https://www.adaxes.com/tutorials_SelfSe ... counts.htm.

For information on how to check which property has the display name Mobile Phone for Password Reset, have a look at the following help article: https://www.adaxes.com/help/?HowDoI.Man ... Names.html.

0

In the screenshot of my first post you can see that I have configured permissions to update the custom attribute. It was working fine before the upgrade to 2018.1, so I guess the problem must be somewhere else.

0

Hello,

Sorry for the confusion, but you also need to add the property to the form used for editing user accounts. For details, see section Customize Web Interface of the tutorial we referenced in our previous post: https://www.adaxes.com/tutorials_SelfSe ... counts.htm.

0

Yes indeed, this fixes the problem! Thanks!

Related questions

0 votes
1 answer

After we updated our site to 2018.1 suddenly the Password Self Service link is throwing an error: " Could not load file or assembly 'Softerra.Adaxes.Adsi, Version= ... . The system cannot find the file specified." Other interfaces are workin as expected.

asked Jul 20, 2018 by johnsonua (390 points)
0 votes
0 answers

Whether I try to run a script or manually run the commands to enroll users, users remain unenrolled. Example of a basic script: Import-Module ... ` -QuestionsAndAnswers @{$question1=$answer1;$question2=$answer2} -AdaxesService localhost Adaxes version 2021

asked Mar 27, 2023 by gwadmin (80 points)
0 votes
1 answer

I am attempting to write a powershell script that will enroll users in the self-service password system. However I would like to execute the new enrollment only if the user ... re-enrolling every time I send the command. I would love some assistance, thank you

asked Mar 6, 2015 by david.towle-hilt (70 points)
0 votes
1 answer

Hi there, We're preparing for the release of a Password Self-Service portal with Adaxes, essentially a scaled-down version of the selfservice portal with a customized ... the properties/conditions used to determine "person is not enrolled"? Thanks in advance!

asked Dec 30, 2011 by Kirk (60 points)
0 votes
1 answer

We have two on-prem domains; Domain A and Domain B. Domain A is our primary domain and syncs with Azure AD. Domain B contains accounts created for external ... user attempts to authenticate, they are only authenticating against the Domain B on-prem domain?

asked Apr 10 by awooten (80 points)
3,504 questions
3,196 answers
8,148 comments
547,418 users