is it possible to allow a user to enroll for both options, or even only one option out of the two available?
I would like to give my users the choice to use either. Some users may not want an authenticator, but other's might do.
Unfortunately, there is no such possibility. Users will have to use all the options configured in the Password Self-Service Policy effective for them.
As a solution, you can have multiple policies with only specific options enabled and assign them to users accordingly.
Like remove all users from full access other than User1, User 2, & User3?
When we deprovision a user the member of groups are deleted and the power shell scrips only runs as removing all memberships. I can't see what was removed. Is there a scrips I can run prior to removing those memberships that will e-mail what they are?
Is there a way to allow users to either answer the self-service reset questions OR get an SMS/Email verification? I can see how to set a policy for either one, but is there any way to enable an end user to choose which to use?
An authenticator app can be reset for a user with the help of the Reset multifactor authentication operation in Adaxes Web Interface or Administration Console. In the Web ... can also use the Change device option. For details, see Reset Authenticator App.
There is a script to indicated if a user is a member of any listed groups. Is it possible to have a version of the script that checks a group or member of any nested group? Current script page: https://www.adaxes.com/script-repositor ... s-s294.htm