Two-factor authentication

To increase security, a one-time password (OTP) is generated when a user signs in to the ESET Business Account (EBA) portal. The user must supply it after successfully authenticating with their general access credentials.

Two-factor authentication (2FA) can be enabled per company or user.


Note: 2FA for all users

If you enable 2FA for all users and log out from the EBA portal, on the next login attempt, you must complete the 2FA activation process (you cannot cancel the process once it has started), or your user account will be locked out of the EBA portal.

Third-party authentication apps are also supported.

Supported authentication clients

2FA works with authentication clients that support the required TOTP protocol. We have tested the following client apps:

Google Authenticator

Microsoft Authenticator

Authy

Enable 2FA per company

Navigate to Settings > Security, and enable the slider bar next to Require Two-Factor Authentication for all users.

Enable 2FA per user

Navigate to User management, click a user, select Edit, scroll down, and enable the slider bar next to Two-factor authentication.

Users can enable 2FA in their EBA profile by turning on Two-factor authentication.

Set up 2FA

If users activate 2FA, the setup process starts immediately. Users can continue or cancel the setup process. Start with step 2 in the process below.

If 2FA is enabled through User management, the user must set up 2FA on their next login attempt. The setup cannot be canceled.

1. Click Setup.

2. If you want to use the ESET Secure Authentication (ESA) mobile app and have not installed it yet, install and activate the ESA mobile app.

3. To use a third-party authentication app, click Use a different authentication app.

4. Open the mobile app, tap the + icon, and scan the QR code displayed on the EBA portal page.

5. In the EBA portal, click Continue.

6. Generate a one-time password in the mobile app. (If using the ESA mobile app, tap the button displaying the company name of your EBA portal.)

7. On the Enter One Time Password page, enter the one-time password in the blank field and click Authenticate.

8. Click Finish.


Important: Backup codes

After successfully activating 2FA, you will receive a set of backup codes in an email. You can use the backup codes if the mobile device on which the ESET Secure Authentication (ESA) mobile app is activated is not available. Keep your backup codes safe. You can resend the backup codes to your email address from your EBA profile by clicking Send next to Send backup codes.

Installation and activation of ESA mobile app

1. In the EBA portal, click Activate via link.

2. Visit the displayed link and tap Add account.

3. When redirected to the application center of your mobile phone's operating system, install the application.

4. Open the application, review the license agreement, and tap I accept.

5. We recommend that you set a PIN to protect the mobile application from unauthorized access. To set your PIN, tap Yes when prompted, type your PIN into the New PIN and Confirm PIN fields, and then tap OK.

6. Click Continue on the EBA portal page.

7. If a new token has not been added to the ESA mobile app, tap the menu icon, and select Get Tokens.

8. Generate a one-time password in the mobile app. (Tap the button displaying the company name of your EBA portal.)

9. On the Enter code page, enter the one-time password in the blank field and click Authenticate.

10. Click Finish.

Remember my device

2FA-enabled users can authorize their device not to request 2FA for every login.

1. At the EBA login page, type in your username and password, and press Log in.

2. Generate a one-time password in the mobile app. (If using the ESA mobile app, tap the button displaying the company name of your EBA portal.)

3. Enter the one-time password in the blank field.

4. Select Remember my login on this device, and click Log in.

Forget all remembered devices

1. In the EBA portal, click your name.

2. In the Security section, click Forget next to Forget all remembered devices.

The superuser can delete the list of all remembered devices for all user accounts.

1. In the EBA portal, click Settings.

2. In the Security section, click Forget all remembered devices > Forget.

Resend backup codes

If a user needs new backup codes for two-factor authentication, the superuser can resend the backup codes as follows:

1. In the EBA portal, click User management.

2. Click the particular user, and then click Edit.

3. Next to Send backup codes, click Send.

Reset two-factor authentication

If a user loses the mobile device he or she used to authenticate with and needs to set up 2FA again, the superuser can reset the 2FA settings as follows:

1. In the EBA portal, click User management.

2. Click the particular user, and then click Edit.

3. Next to Reset Two-Factor Authentication, click Reset.


Note: Reset 2FA for admin or superuser account

Administrators (users with write permissions regarding Company access) cannot reset their 2FA setting. They have to ask the superuser to do it.

To reset 2FA for your superuser account, deactivate 2FA in your EBA profile, and activate it again.

Deactivate two-factor authentication

If 2FA is enabled per company, all users are forced to use 2FA, and it cannot be deactivated per user.

If 2FA was enabled per company but later disabled in Settings, it will remain active for users registered thus far. However, users can deactivate it in their EBA profile.


Note: Requirements to deactivate 2FA

To deactivate 2FA, you are required to provide:

Your ESET Business Account portal password.

A one-time password, or a backup code if you click Use backup code in the dialog.