ESA is a great choice for security if you are using Active Directory Federation Services (AD FS) 3 or later and want to secure it with 2FA.

During the installation of ESA on the computer running AD FS, select the AD FS component and complete the installation.



During the installation of AD FS, configuration is modified - the ESET Secure Authentication authentication method is added and if no location is specified both Intranet and Extranet locations will be included. The image below shows the configuration changes with the Intranet location selected prior to installation of the AD FS component of ESA.



Once the installation is complete, open the ESA Web Console, navigate to Components, click AD FS and you will see the 2FA is enabled and Allow non 2FA options enabled.



If a website requiring authentication verifies the identity against AD FS, and 2FA protection through ESA is applied to the particular AD FS, you will be prompted to enter an OTP or approve the push notification or authenticate via FIDO upon successful verification of identity:


OTP required (on the left); Approval of push notification required (on the right)


Custom logo

If you want a custom logo to be displayed in the screen waiting to enter OTP, or approve a notification instead of the default ESET Secure Authentication logo, follow the steps below. All the steps are performed on the computer where compatible ESA component (Web App plugin, AD FS protection, Identity Provider Connector) is installed.

1.Save the desired logo as a .png image file. Recommended maximum dimension is 350px x 100px (width x height).

2.Place the logo to C:\ProgramData\ESET Secure Authentication\Customization\ and name it "logo.png".


Internet Explorer

Internet Explorer version 9 and 10 are supported web browsers.