Usage
The same 2FA process is followed for all supported Web Apps.
The operation of the Web Application Protection module can be verified as follows:
- A user that has ESA 2FA enabled in the ESA Web Console is required for testing. The user must also be allowed to access the Web App.
- Open the Web App in a desktop browser and authenticate using the Active Directory credentials of the test user.
- The ESA authentication page should now appear, as per the figure below.
- If the user is enabled for SMS OTPs, an SMS will be sent containing an OTP that may be entered to authenticate.
- If the user has installed the ESA mobile application on their phone, it may be used to generate an OTP to authenticate. OTPs are displayed in the mobile application with a space between the 3rd and 4th digits in order to improve readability. The Web Application Protection module strips whitespace, so a user may include or exclude whitespace when entering an OTP without affecting authentication.
- If the user has installed the ESA mobile application on their phone and is allowed to use both OTP and Push authentication, the screen will either indicate that a push notification is awaiting approval or prompt the user for an OTP.
- If a push notification is approved, a valid OTP is entered, or FIDO is used to authenticate, the user will be redirected to the page they originally requested. The user will then be able to interact with the Web App.
- If the push notification is not approved within 2 minutes, the user will be redirected to a page requesting an OTP. If an invalid OTP is entered, an error message will be displayed and the user will not be allowed access to the Web App.