AD FS

ESA is a great choice for security if you are using Active Directory Federation Services (AD FS) 3 or 4 and want to secure it with 2FA.

During the installation of ESA on the computer running AD FS, select the AD FS component and complete the installation.

installer-adfs-component-selected

 

During the installation of AD FS configuration is modified - the ESET Secure Authentication authentication method is added and if no location is specified both Intranet and Extranet locations will be included. The image below shows the configuration changes with the Intranet location selected prior to installation of the AD FS component of ESA.

adfs_configuration

 

Once the installation is complete, open the ESA Web Console, navigate to Components, click ADFS and you will see the 2FA is enabled and Allow non 2FA options enabled.

adfs_2fa_on

 

If a website requiring authentication verifies the identity against AD FS, and 2FA protection through ESA is applied to the particular AD FS, you will be prompted to enter an OTP or approve the push notification upon successful verification of identity:

esaadfs_otp-and-push

OTP required (on the left);  Approval of push notification required (on the right)

If you want a custom logo to be displayed in the screen waiting to enter OTP ,or approve a notification instead of the default ESET Secure Authentication logo, follow the steps below. All the steps are performed on the computer where compatible ESA component (Web App plugin, ADFS protection) is installed.

1.Save the desired logo as a .png image file. Recommended maximum dimension is 350px x 100px (width x height).

2.Place the logo to C:\ProgramData\ESET Secure Authentication\Customization\ and name it "logo.png".

 

note

Note

Along the supported web browsers, Internet Explorer version 9 and 10 are also supported.