Groups Based User Management

Keeping track of which users in your domain are activated for two-factor authentication becomes hard in large domains. To solve this problem, ESET Secure Authentication provides automatic bookkeeping for your 2FA users by means of Active Directory groups membership.

There are several Active Directory groups are created at installation time:

•ESA Users

The ESA Users group does not contain any users directly, but contains the ESA SMS Users, ESA Mobile Application Users, ESA Hard Token Users and ESA FIDO Users group. Transitive Group Membership may therefore be used to locate all 2FA users in your domain using this group.

•ESA SMS Users

The ESA SMS Users group contains all users in your domain that have been enabled for SMS OTPs

•ESA Mobile App Users

The ESA Mobile App Users group contains all users that have been enabled for mobile application OTPs.

•ESA Hard Token Users

The ESA Hard Token Users group contains all users that have been enabled for Hard Token OTPs.

•ESA FIDO Users

The ESA FIDO Users group contains all users that have been enabled for mobile application OTPs.

•EsaCoreAuthServices, EsaServices and ESA Admins store no real users. They are related to internal security of ESET Secure Authentication.

Group membership is updated in real-time when users are configured in the ADUC or ESA Web Console. Finding all users that have been enabled for SMS OTPs (for example), is simple:

1.Launch the ADUC

2.Right-click your domain node, and select Find

3.Type in "ESA SMS" and hit Enter - the group will be displayed in the Search Result section

4.Double click the group and select the Members tab to view all users in your domain that have been enabled for SMS OTPs.