AD FS
ESA is a great choice for security if you are using Active Directory Federation Services (AD FS) 3 or later and want to secure it with 2FA.
During the installation of ESA on the computer running AD FS, select the AD FS component and complete the installation.
During the installation of AD FS, configuration is modified - the ESET Secure Authentication On-Prem authentication method is added and if no location is specified both Intranet and Extranet locations will be included. The image below shows the configuration changes with the Intranet location selected before installation of the AD FS component of ESA.
When the installation is complete, open the ESA Web Console, navigate to Components, click AD FS and you will see the 2FA is enabled and Allow non 2FA options enabled.
If a website requiring authentication verifies the identity against AD FS, and 2FA protection through ESA is applied to the specific AD FS, you will be prompted to type an OTP or approve the push notification or authenticate via FIDO after successful verification of identity:
OTP required (on the left); Approval of push notification required (on the right)
|
Custom logo If you want a custom logo to be displayed on the screen waiting to type OTP, or approve a notification instead of the default ESET Secure Authentication On-Prem logo, follow the steps below. All the steps are performed on the computer where compatible ESA component (Web App plugin, AD FS protection, Identity Provider Connector) is installed. 1.Save the desired logo as a .png image file. Recommended maximum dimension is 350px x 100px (width x height). 2.Place the logo to C:\ProgramData\ESET Secure Authentication On-Prem\Customization\ and name it "logo.png". |
|
Internet Explorer Internet Explorer version 9 and 10 are supported web browsers. |