Overview
ESET Secure Authentication On-Prem (ESA) adds Two Factor Authentication (2FA) to Microsoft Active Directory domains or local area network, meaning a one-time password (OTP) is generated and provided along with the generally required username and password. Or a push notification is generated and has to be approved on the user's cell phone running Android OS, iOS, or Windows after the user has successfully authenticated using their general access credentials.
Push notifications require Android 4.4 and later, along with Google Play services 10.2.6 and later, or iOS.
The ESA product consists of the following components:
•The Windows Login plug-in provides 2FA for Windows computers
•The Remote Desktop plug-in provides 2FA for the Remote Desktop Protocol
•The RADIUS Server for VPN Protection adds 2FA to VPN authentication
•The Web Application plug-ins provide 2FA to various Microsoft Web Applications
•The AD FS plug-in provides 2FA for Active Directory Federation Services
•The Identity Provider Connector
•The ESA Authentication Server includes a REST-based API that can be used to add 2FA to custom applications
oESA installed in an Active Directory environment:
▪ESA User Management plug-in for Active Directory Users and Computers (ADUC) is used to manage users
▪ESA Management Console, titled ESET Secure Authentication On-Prem Settings, is used to configure ESA
2FA enabled for Domain Admin user If a Domain Admin user has 2FA enabled during their ESA 2.7.x or 2.8.x upgrade, access to the Active Directory Users and Computers > ESET Secure Authentication On-Prem screen and ESA Management Console will be removed. The ESA Web Console must be used instead. Alternatively, allow accessing the Web Console (also applies to Management Tools) through IP address whitelisting, or disable 2FA for the Domain Admin user, create another user with 2FA disabled and add the user to the ESA Admins group, or disable 2FA for the ESA Web Console. |
▪ESA Web Console, an all-in-one management tool, is the preferred way to configure ESET Secure Authentication On-Prem and manage users
oESA installed in standalone mode:
▪ESA Web Console, an all-in-one management tool, is used to configure ESET Secure Authentication On-Prem and manage users
If ESA is installed in an Active Directory environment, it stores data in the Active Directory data store. Since ESA data is automatically included in your Active Directory backups, there is no need for additional backup policies.