External Access

What will be available?

Authentication Server

oAccess to the Web Console

oComponents installed in Standalone mode can connect to the Authentication server using invitations

oCustom solutions utilizing API:

New API (ESA 2.8 and later) endpoints: /, /auth/v2, /manage/v2

Old API (ESA 2.7 and earlier) endpoints: auth/v1, manage/useres/v

Identity Provider Connector web page

Types of external access

VPN

Reverse proxy

Transparent proxy

After setting up a reverse proxy or transparent proxy, you have to configure ESA to use the external address for invitations and Identity Provider Connector.

Configure ESA for external access

To make the Authentication Server or Identity Provider Connector publicly available:

I.Authentication Server

Configure the external address to use invitations when installing ESA Components in Standalone mode.

1.In the ESA Web Console, navigate to Components > Invitations > Server Access.

2.Click Edit (pencil icon) under External Access.

3.Type in the external address with the port included, and press Enter.

4.If you do not want the Authentication Server's internal address included in the invitation details, select the corresponding check box.

5.Click Save.

II.Identity Provider Connector (IdP Connector)

1.In the ESA Web Console, navigate to Components > Identity Provider Connector > select a configured IdP connector, click Settings.

2.Change the Site URL to the external address where the Authentication Server is available.

3.Click Apply.

Multiple addresses for the Authentication Server

ESA components connect to the Authentication Server (AS) via the address indicated in the invitation.

To provide multiple addresses the components can connect to, follow the steps below.

Installation using the .EXE installer

1.When the component has been installed, open C:\ProgramData\ESET Secure Authentication\ESA.config.

2.Add <add key="AuthenticationServerAddress_Other" value="<desired_addresses>" /> right above </appSettings>.

3.Replace <desired_addresses> with the additional addresses of the AS, separate them with a semicolon.

4.Save the changes.

Silent installation (.MSI)

If you are using the .MSI installer, use the ESA_COMPUTER_CONFIG_AUTHENTICATION_SERVER_ADDRESS_OTHER argument to define the additional addresses of AS. Use a semicolon to separate multiple addresses.