Usage

The operation of the Remote Desktop Protection module can be verified as follows:

A user that has ESA 2FA enabled in the ESA Web Console, and has access to the remote computer, is required for testing. In an Active Directory environment, a domain user that has ESA 2FA enabled and is added as an allowed Remote Desktop user on the remote computer, is required for testing.

A computer that has Remote Desktop Access enabled is also required.

1.Connect to the remote computer using a Remote Desktop client, and authenticate using the login credentials of the test user.

2.The OTP prompt screen should now appear, as per the figure below.

rdp-otp-required

a.If the user is enabled for SMS OTPs, an SMS will be sent containing an OTP that may be typed to authenticate.

b.If the user has installed the ESA mobile application on their phone, it may be used to generate an OTP to authenticate. OTPs are displayed in the mobile application with a space between the 3rd and 4th digits to improve readability. The Remote Desktop Protection module strips whitespace, so a user may include or exclude whitespace when entering an OTP without affecting authentication.

c.If the user has installed the ESA mobile application on their phone and is allowed to use both OTP and Push authentication, the screen will indicate approval of the push notification. Alternatively the user can proceed to OTP authentication by clicking Enter OTP.

rdp-push-approval-required

3.If a valid OTP is typed, then the user will be granted access to the computer they attempted to connect to.

4.If an invalid OTP is typed, then an error message will be displayed, and the user will not be allowed access to the remote computer.

˄˅