AD FS

ESA is a great choice for security if you are using Active Directory Federation Services (AD FS) and want to secure it with 2FA.

To start the installation, on the computer running AD FS, either use the live installer or run the generic installer (.EXE file). When prompted, select the check box next to the AD FS component and complete the installation.

During the installation of AD FS, configuration is modified - the ESET Secure Authentication authentication method is added and if no location is specified both Intranet and Extranet locations will be included. The image below shows the configuration changes with the Intranet location selected before installation of the AD FS component of ESA.

When the installation is complete, open the ESAC EA Web Console, navigate to Components, click AD FS and you will see the 2FA is enabled and Allow non 2FA options enabled.

If a website requiring authentication verifies the identity against AD FS, and 2FA protection through ESA is applied to the specific AD FS, you will be prompted to type an OTP or approve the push notification or authenticate via FIDO after successful verification of identity:

OTP required (on the left); Approval of push notification required (on the right)