To update to a later version, see upgrade installation.


Fixed: Port availability prerequisite fails

Fixed: Do not use PowerShell in Elasticsearch setup

Fixed: AD FS managed service account incorrectly cut to 15 characters

Fixed: Implement parallel DNS requests

Fixed: FIDO - allowCredentials - inconsistency between core and Windows Login


Fixed: Reporting Engine component which is based on a 3rd party component Elasticsearch that might have been partially affected by the vulnerability of log4j


Added: Support for RDP Web Client (HTML5)

Added: Grouping of Exchange OWA/ECP

Improved: Description of certified hash

Improved: FIDO PIN is no longer visible (as plain text) in windows logins

Changed: RADIUS challenge wording to easily readable format

Fixed: Reported Error 500 issue

Fixed: Issue when MSCHAPV2 authentication failed

Fixed: Issue with SMTP authentication

Fixed: Issue with 2FA in Exchange 2010 in special cases

Fixed: Issue when ESA RADIUS does not respond when setting "name from distinguished name" for memberOf

Fixed: Invalid domain name obtained if DNS suffix is set

Fixed: RADIUS - Checking of group membership

Fixed: Various other bug fixes


Added: Offline license activation warning

Improved: users can use FQDN or NetBIOS domain name by authentication

Fixed: Issues with data export in AD mode

Fixed: Issues leading to Error 500 in OWA

Fixed: Iissue when exchange users without mailbox could log in without 2FA

Fixed: Windows Login component no longer shows outdated information about remaining logins

Fixed: Issues when other than the English language used in Windows related to FIDO

Fixed: Issue when VPN server stopped communicating with RADIUS component

Fixed: Issue with self-enrollment when using FIDO

Fixed: Issue when logging to OWA

Fixed: Issue with first-factor validation in RADIUS

Fixed: Various other improvements and bug fixes


Added: Support of SharePoint users stored in ASP.Net Membership Database

Fixed: Two-factor authentication at Windows login fails if the domain controller is unavailable


Added: Android app screen capture protection

Added: Hard tokens - support for base32 secret

Changed: Update to End User License Agreement

Improved: Authentication when using RADIUS

Improved: Support for FIDO keys in Windows Logins

Improved: Security of custom delivery options

Improved: TLS compatibility and support

Improved: Strict character limitations for account name, email, and display name were increased

Improved: Dozens of other performance, usability, and security improvements

Fixed: Multi actions in ESA web console sometimes change also not selected items

Fixed: Various updates and fixes to the Identity connector

Fixed: Occasional connectivity loss to Elastic search engine (reports)

Fixed: Domain controller issues after restart

Fixed: Users deduplication

Fixed: Problem with the invalid phone number when using custom delivery option

Fixed: SMTP connection fails if a server does not support any authentication

Fixed: Password change in Windows logins

Fixed: "Show password" icon missing in Windows Logins

Fixed: Issues with importing encrypted hard tokens


Added: Major performance improvements (Authentication requests)

Added: Support for external databases (MSSQL, PostgreSQL) in standalone mode

Added: Ability to have multiple ESA servers in standalone mode (HA)

Added: New integration options with new ESA Identity Connector component

Added: Support for native biometric in mobile operating systems (for example, Touch ID) in addition to PIN code in mobile apps (iOS, Android)

Added: Notification center

Added: FIDO support in Windows Logins

Added: Additional approval when logging in from a new location

Added: Ability to export database data

Added: Invitation capabilities now support external IP address

Added: Customizable user attributes (email and display name)

Added: Custom VPN attributes

Added: New filtering options and improvements

Added: Sorting in tables

Added: Rows counts

Added: New script when working with RADIUS clients

Added: Remote Desktop Gateway RADIUS integration manual

Added: Support for Elasticsearch v 7.x

Added: Support for iOS 13

Added: Support for Android 10

Added: Support for Windows 10 (November 2019 Update)

Added: New API methods added to the documentation

Added: Ability to COPY/PASTE OTP in mobile apps

Improved: Major mobile apps (iOS, Android) UI refresh

Improved: Invitations capabilities now support external IP address

Improved: Documentation focused on making ESA server accessible from a public internet connection

Improved: Dependence on mobile number deprecated

Improved: OTP via email

Improved: More usable Master Recovery Key

Improved: "Allow non-2FA" setting added to dashboard

Improved: Completely reworked UI including new wizard

Improved: User status icons in the dashboard can be used to filter specific problems

Improved: Dozens of other performance, usability, and security improvements

Improved: AD FS - add support for server farms with a common database

Improved: Windows 10, build 1709 and later does not require 2FA by user first logon when automatic login is enabled, and 2FA for unlocking is not set

Fixed: Windows Login credential provider activates itself on the RDP client when not needed

Fixed: User duplication due to multiple Domain controllers or multiple ESA servers in some cases

Fixed: Under some circumstances, the user is logged out of the console in 2 minutes

Fixed: Under some circumstances, offline login in Windows logon breaks after auto-synchronization

Fixed: The "Settings" window of the ESA app is not opened after opening an incorrect provisioning link in "SMS" when the app's PIN is created

Fixed: Remote Web Access on Windows Small Business Server 2011 does not work

Fixed: Android - The "New Login Request" dialog doesn't appear if you open the ESA app before approving the PUSH notification from the notification area

Fixed: Some connections still do not respect proxy settings

Fixed: RDP - ESA registers any user name if a password is not provided

Fixed: Uninstall does not work if permissions for ESA.config are missing

Fixed: Android - ESA application doesn't launch on Meizu M3s (5.1)

Fixed: Phone number message - accept spaces

Fixed: Windows Login - Internal Server error when too many OTPs sent to offline cache

Fixed: Android app icon is not shown in the list of installed apps and in-app details

Fixed: Active directory locked state not correctly retrieved from Active Directory

Fixed: Multiple other smaller feature and security improvements