Usage

The same 2FA process is followed for all supported Web Apps.

The operation of the Web Application Protection module can be verified as follows:

1.A user that has ESA 2FA enabled in the ADUC management tool is required for testing. The user must also be allowed to access the Web App.

2.Open the Web App in a desktop browser and authenticate as normal using the Active Directory credentials of the test user.

3.The ESA authentication page should now appear, as per the figure below. The Remote Desktop Web Access plugin on Windows Server 2008 and the Microsoft Dynamics CRM 2011 plugin will not display the "Cancel" button.

4.The ESA authentication page should now appear, as per the figure below. The Remote Desktop Web Access plugin on Windows Server 2008 and the Microsoft Dynamics CRM plugins will not display the "Cancel" button.

web-app-otp-page-1

 

a.If the user is enabled for SMS OTPs, an SMS will be sent containing an OTP that may be entered to authenticate.

b.If the user has installed the ESA mobile application on their phone, it may be used to generate an OTP to authenticate. OTPs are displayed in the mobile application with a space between the 3rd and 4th digits in order to improve readability. The Web Application Protection module strips whitespace, so a user may include or exclude whitespace when entering an OTP without affecting authentication.

c.If the user has installed the ESA mobile application on their phone and is allowed to use both OTP and Push authentication, the screen will indicate approval of a push notification or prompt the user for an OTP. Alternatively, the user can proceed to OTP authentication by taping Enter OTP.
web-app-push-approval-required

5.If a push notification is approved or a valid OTP is entered, the user will be redirected to the page they originally requested. The user will then be able to interact with the Web App.

6.If the push notification is not approved in 2 minutes, the user will be redirected to a page requesting an OTP. If an invalid OTP is entered, then an error message will be displayed and the user will not be allowed access to the web application, as per the figure below.

web-app-otp-page-2

 

If you want a custom logo to be displayed in the screen waiting to enter OTP ,or approve a notification instead of the default ESET Secure Authentication logo, follow the steps below. All the steps are performed on the computer where compatible ESA component (Web App plugin, ADFS protection) is installed.

1.Save the desired logo as a .png image file. Recommended maximum dimension is 350px x 100px (width x height).

2.Place the logo to C:\ProgramData\ESET Secure Authentication\Customization\ and name it "logo.png".