Overview

ESET Secure Authentication On-Prem (ESA) adds Two Factor Authentication (2FA) to Microsoft Active Directory domains or local area network, meaning a one-time password (OTP) is generated and provided along with the generally required username and password. Or a push notification is generated and has to be approved on the user's cell phone running Android OS, iOS, or Windows after the user has successfully authenticated using their general access credentials.

Push notifications require Android 4.4 and later, along with Google Play services 10.2.6 and later, or iOS.

The ESA product consists of the following components:

•The Windows Login plug-in provides 2FA for Windows computers

•The Remote Desktop plug-in provides 2FA for the Remote Desktop Protocol

•The RADIUS Server for VPN Protection adds 2FA to VPN authentication

•The Web Application plug-ins provide 2FA to various Microsoft Web Applications

•The AD FS plug-in provides 2FA for Active Directory Federation Services

•The Identity Provider Connector

•The ESA Authentication Server includes a REST-based API that can be used to add 2FA to custom applications

•ESA Management Tools:

oESA installed in an Active Directory environment:

▪ESA User Management plug-in for Active Directory Users and Computers (ADUC) is used to manage users

▪ESA Management Console, titled ESET Secure Authentication On-Prem Settings, is used to configure ESA

▪ESA Web Console, an all-in-one management tool, is the preferred way to configure ESET Secure Authentication On-Prem and manage users

oESA installed in standalone mode:

▪ESA Web Console, an all-in-one management tool, is used to configure ESET Secure Authentication On-Prem and manage users

If ESA is installed in an Active Directory environment, it stores data in the Active Directory data store. Since ESA data is automatically included in your Active Directory backups, there is no need for additional backup policies.