ESET Online Help

Search English
Select the topic

AD FS

ESA is a great choice for security if you are using Active Directory Federation Services (AD FS) 3 or later and want to secure it with 2FA.

During the installation of ESA on the computer running AD FS, select the AD FS component and complete the installation.

installer-adfs-component-selected

 

During the installation of AD FS, configuration is modified - the ESET Secure Authentication authentication method is added and if no location is specified both Intranet and Extranet locations will be included. The image below shows the configuration changes with the Intranet location selected before installation of the AD FS component of ESA.

adfs_configuration

 

When the installation is complete, open the ESA Web Console, navigate to Components, click AD FS and you will see the 2FA is enabled and Allow non 2FA options enabled.

adfs_2fa_on

 

If a website requiring authentication verifies the identity against AD FS, and 2FA protection through ESA is applied to the specific AD FS, you will be prompted to type an OTP or approve the push notification or authenticate via FIDO after successful verification of identity:

esaadfs_otp-and-push

OTP required (on the left); Approval of push notification required (on the right)


note

Custom logo

If you want a custom logo to be displayed on the screen waiting to type OTP, or approve a notification instead of the default ESET Secure Authentication logo, follow the steps below. All the steps are performed on the computer where compatible ESA component (Web App plugin, AD FS protection, Identity Provider Connector) is installed.

1.Save the desired logo as a .png image file. Recommended maximum dimension is 350px x 100px (width x height).

2.Place the logo to C:\ProgramData\ESET Secure Authentication\Customization\ and name it "logo.png".


note

Internet Explorer

Internet Explorer version 9 and 10 are supported web browsers.