Two-Factor Authentication

Two-Factor Authentication (2FA) provides a more secure method to log into and access ESET PROTECT Web Console.

2FA is provided by ESET using ESET Secure Authentication technology. You do not need to deploy or install ESET Secure Authentication within your environment, as ESET PROTECT automatically connects to ESET servers to authenticate users who log into your ESET PROTECT Web Console.

Users with 2FA enabled will be required to log into ESET PROTECT using ESET Secure Authentication.

For more information about product features and benefits, visit the ESET Secure Authentication product page.

There is no limit to the number of users who can log into ESET PROTECT via ESA 2FA.

HTTP Proxy settings are not applied for communication with Secure Authentication servers (2FA).

You can enable 2FA also for the Administrator account.

Prerequisites

To enable 2FA for another user's account, one needs to have Write permission over that user. Once enabled, a user needs to configure 2FA themselves before they can log in. Users will receive a link via text message (SMS), which they can open in their phone's web browser to view instructions for configuring 2FA.

2FA does not work without direct network access to ESET 2FA servers. Allowing at least specific 2FA servers in the firewall is necessary. If the proxy is set-up in the More > Server Settings > Advanced Settings > HTTP Proxy, it does not apply for the 2FA.

note

Note

You cannot use users with 2FA for server assisted installations.

How to enable Two-Factor Authentication for a Web Console user?

1.Create a new user or use an existing one.

2.Navigate to More > Users in the ESET PROTECT Web Console.

3.Click the user and select Two-Factor Authentication > apply_defaultEnable.

4.Upon the user's next login, enter the user's phone number when prompted.

5.Install ESET Secure Authentication mobile app on the user's mobile phone using the link from SMS or QR code.

6.When the app is installed using the token, your ESET PROTECT instance is added in the app.

7.Proceed to login and enter the one-time password from the mobile app to the Web Console when prompted. A new password is generated in the mobile app for each login.

Troubleshooting

If a Web Console user cannot log into the Web Console with 2FA, follow these steps:

1.Back up the ESET PROTECT database.

2.Select the applicable option:

The phone number set up for 2FA is accessible:

a)During the Web Console login, click Reset Token in the 2FA pop-up window.

b)A verification SMS is sent to the phone number set up for 2FA.

warning

Warning

You cannot change the phone number stored in the ESET PROTECT database. If the phone is inaccessible, follow the steps below.

 

The phone number set up for 2FA is inaccessible (the phone is lost, damaged, etc.)

a)Reset the Web Console password to disable 2FA on the Administrator account.

note

Note

Other ESET PROTECT user accounts 2FA state remains unaffected.

b)The user can log into the Web Console without 2FA and then re-enable 2FA after logging in.