ESET REMOTE ADMINISTRATOR V1 Manual

ESET SECUREAUTHENTICATIONProduct Manual

10When prompted, make sure that the "Management Tools", "Authentication Server" and "RADIUS Server for VPN Protection"co

113.2 Installation of the Web App pluginFrom the machine running the Web App that is to be protected, run the supplied .exe file to start the instal

123.3 Installation of the Remote Desktop pluginFrom the Remote Desktop Access machine that is to be protected, run the supplied .exe file to start t

133.4 Basic ConfigurationOnce you have installed the required components, some basic configuration is necessary. All configuration of the ESA system

144. User ManagementAll user management is done via the Active Directory Users and Computers management interface. All ESA users must have validmobile

15Enabling soft-token OTPs for a specific user:1. Make sure that the check box next to Mobile Application is selected.2. Click Send Application.3. The

166. Optionally allow any non-2FA users to use the VPN. NOTE: Allowing non-2FA users to log in to the VPN without restricting access to a security gro

176.1 ConfigurationThe Web Application integration can be configured from the Basic Settings page of your domain in the ESET Secure Authenticationma

18are displayed in the mobile application with a space between the 3rd and 4th digits in order to improve readability. The WebApplication Protection m

197.2 UsageThe operation of the Remote Desktop Protection module can be verified as follows:1. A domain user that has ESA 2FA enabled in the ADUC ma

ESET SECURE AUTHENTICATIONCopyright 2015 by ESET, spol. s r.o.ESET Secure Authentication was developed by ESET, spol. s r.o.For more information vis

208.1 Hard Token ManagementThis section describes how to enable hard tokens and manage them using the ESA Management Console.This mainly consists of

215. A result window will pop up indicating how many hard tokens were imported.6. On clicking OK the windows will close and the imported hard tokens w

228.1.3 DeleteIt may be necessary to delete a token from the system.Tokens can be deleted as follows:1. Launch the ESET Secure Authentication Manage

238.2 Hard Token User ManagementThis section deals with the user management of hard tokens. For this functionality to work hard tokens need to be en

24

258.2.2 RevokeRevoking a hard token for a user will also disable that user for hard token authentication.A hard token can be revoked as follows:1. O

269.1 Integration OverviewThe API consists of two endpoints , which are both called by POSTing JSON-formatted text to the relevant API URLs. All res

279.3.2 Importing the New CertificateThe new certificate needs to be placed in the Local Machine\Personal store before it can be used.1. Launch the

28Windows Server 2003:1. Click “Start” -> “All Programs” -> “Windows Support Tools” -> “Command Prompt”2. Type “httpcfg query ssl -i 0.0.0.0:

2910.1 User StatesA user may be in various states during regular operation. Before enabling a user for 2FA, they are in an uninitialized state:

Contents...4Overview1...4Requirements2...

30A user may then be enabled for either SMS-based OTPs, Mobile Application OTPs, or both. If they are enabled for both, they are inwhat is known as th

31In this state, a user will receive SMS OTPs when authentication attempts are initiated, but as soon as a valid mobile OTP is usedfor authentication,

32When authenticating OTPs, a user has 10 opportunities to enter an incorrect OTP. On the 11th failed OTP, a user's 2FA gets locked.This is to pr

33If Hard Token OTPs have been enabled in the MMC, then the Hard Token check-box will become available. There are then morestates in which the user m

34Or the user may be in a transitioning state where all three OTP types are enabled. In this state, a user will receive SMS OTPs whenauthentication at

35In the following state the user is enabled for both Hard Token and mobile OTPs:

36If the Mobile Application has been sent but not yet installed, the user will be in the following state:

37The user can also be in the state where both SMS and Hard Token OTPs are allowed:

3810.2 Provisioning Multiple PhonesYou can distribute the ESET Secure Authentication mobile app or SMS text messaging service to multiple mobile pho

396. Click Send Application. Your client phones will receive a text message containing a link to the ESA mobile app download page.

41. OverviewESET Secure Authentication (ESA) adds Two Factor Authentication (2FA) to Microsoft Active Directory domains. The ESA productconsists of th

4010.3 Override Mobile Number FieldYou can specify the Active Directory field from which a user's mobile number is loaded. The "Mobile&quo

41The ESA SMS Users group contains all users in your domain that have been enabled for SMS OTPsESA Mobile App UsersThe ESA Mobile App Users group cont

4211.1.2 On-demand SMS-based OTPsESET Secure Authentication supports "On-demand SMS OTPs" for certain systems that support primary authent

4311.1.7 Access Control Using Group MembershipESA supports the ability to only allow members of a specific AD security group to log in to the VPN us

44The use of the standard Windows event logging architecture facilitates the use of third-party aggregation and reporting tools suchas LogAnalyzer.12.

45whichever is lowestSMS Creditsless than 10 SMS creditsremaining (Onboarding +Top-up)0 SMS creditsremainNeverNeverNever12.2.4 License EnforcementTh

52.2 Supported Web ApplicationsESET Secure Authentication provides 2FA for the following Microsoft products:Microsoft Exchange 2007o Outlook Web Acc

6Management Tools:o Windows XP SP3 or later, or Windows 2003 Server SP2 or latero .NET Framework version 3.5 o Windows Remote Server Administration To

7supported on these client operating systems.2.5 Supported Active Directory EnvironmentsESET Secure Authentication supports either single domain or

83. InstallationAll of the following components are required for your first ESA installation:At least one instance of the Authentication ServerAt leas

93.1 Installation of the Core componentsFrom the machine hosting the ESA Authentication Service, run the supplied .exe file to start the installatio