Overview

ESET Secure Authentication (ESA) adds Two Factor Authentication (2FA) to Microsoft Active Directory domains or  local area network, that is, an one-time password (OTP) is generated and has to be supplied along the generally required username and password, or a push notification is generated and has to be approved on the user's cell phone running Android OS, iOS or Windows once the user has successfully authenticated using their general access credentials.

Push notifications require Android 4.0.3 and later along with Google Play services 10.2.6 and later, or iOS.

The ESA product consists of the following components:

The ESA Web Application plug-in provides 2FA to various Microsoft Web Applications.

The ESA Remote Desktop plug-in provides 2FA for the Remote Desktop Protocol.

The ESA Windows Login plug-in provides 2FA for Windows computers.

The ESA RADIUS Server adds 2FA to VPN authentication.

The ESA Authentication Service includes a REST-based API that can be used to add 2FA to custom applications.

ESA Management Tools:

oESA installed in an Active Directory environment:

ESA User Management plug-in for Active Directory Users and Computers (ADUC) is used to manage users.

ESA Management Console, titled as ESET Secure Authentication Settings,  is used to configure ESA.

important

2FA enabled for Domain Admin user

If a Domain Admin user has 2FA enabled during their ESA 2.7.x or 2.8.x upgrade, access to the Active Directory Users and Computers > ESET Secure Authentication screen and ESA Management Console will be removed. The ESA Web Console must be used instead.

Alternatively, allow to access the Web Console (applies also to Management Tools) through IP address whitelisting, or disable 2FA for the Domain Admin user, create another user with 2FA disabled and add the user to the ESA Admins group, or disable 2FA for the ESA Webconsole.

ESA Web Console, an all-in-one management tool, can also  be used to configure ESET Secure Authentication and manage users.

oESA installed in standalone mode:

ESA Web Console, an all-in-one management tool, is used to configure ESET Secure Authentication and manage users.

If ESA is installed in an Active Directory environment, it stores data in the Active Directory data store. Since ESA data is automatically included in your Active Directory backups, there is no need for additional backup policies.