ESET Secure Authentication: Frequently Asked Questions
What is ESET Secure Authentication? ESET Secure Authentication (ESA) is a mobile-based solution that uses two-factor, one-time password (2FA OTP) authentication for accessing a company’s Virtual Private Network (VPN) and Microsoft Web Applications (such as Outlook Web App).
What are the supported environments for ESET Secure Authentication Server? The installer automatically selects all components that can be installed on the current computer, with the exception of the Core Authentication Service, which is only selected by default on the first installation.
ESA Services and management tools:
Server operating systems: Windows Server: 2008, 2008 R2, 2012, 2012 R2, 2012 Essentials, 2012R2 Essentials, 2016 and 2016 Essentials, 2019 and 2019 Essentials
Windows Small Business Server: 2008, 2011
Client operating systems: Windows: 7, 8, 8.1, 10
Active Directory domain: Windows 2000 Native (minimum supported functional level)
Compatibility with Microsoft Threat Management Gateway (TMG) and Microsoft Internet Security and Acceleration Server (ISA).
Android™ 4.1 to Android 10 (Google Play Services 10.2.6 are required for both push notifications and provisioning)
Windows Phone 8.1 to Windows 10 Mobile
How do I install and configure ESET Secure Authentication? Server-side: Visit the following ESET Knowledgebase article ESET Secure Authentication Setup Checklist. Client-side (mobile app): Visit one of the following Knowledgebase articles for your mobile device
Can ESET Secure Authentication be used with ERA/ESMC/ESET PROTECT? No. ESET Secure Authentication is not managed using ERA/ESMC/ESET PROTECT. However, ESET Secure Authentication Server can be installed on the same server as ERA/ESMC/ESET PROTECT.
Can ESET Secure Authentication Server be used with my existing VPN? Visit our Knowledgebase article for a list of supported VPNs with links to integration guides that detail the best practices when using ESET Secure Authentication with each.
Can I use ESET Secure Authentication to add two-factor authentication (2FA) to my existing authentication application? Yes, the ESET Secure Authentication API allows you to add 2FA to your existing application. For more information, see the ESET Secure Authentication API user guide.
Can ESA use Push authentication for Android devices? Yes. In version 2.5.x and later, you can use the push authentication method on mobile devices (Android and iOS). Both OTP and Push authentication can be enabled per user in the ADUC management interface.
How is ESET Secure Authentication updated? In ESET Secure Authentication (ESA) version 2.5.X and later, you can upgrade ESA by launching the installer. There is no need to manually uninstall the previous version. The mobile app updates over the internet using your device's app manager (for example, Google Play, Apple App Store, Windows Phone Apps store, etc.).
How do I secure my Office 365 account? You must have AD FS 3.0 or 4.0 running and connected with Office 365. To set it up, run the ESA installer on the AD FS machine to install the plugin. After successful installation, all 2FA enabled users will be prompted for the OTP (one-time password) when logging into Office 365.
Who pays for SMS messages? You are responsible for all costs associated with receiving SMS messages (for example, data transmission or roaming fees).
What are SMS credits? You use SMS credits to deliver a one-time password (OTP) via SMS also known as "SMS OTP". From a licensing perspective, ESA version 2.8 and later distinguish between “Onboarding SMS” and “SMS OTP”. “Onboarding SMS” is used to deliver a mobile app activation link (also known as provisioning) to a user’s mobile phone. Customers do not receive any “SMS OTP” initially as part of standard ESA license. However, they can buy additional SMS for delivering SMS OTP. We recommend to use the mobile app, push notification or hard token method to generate one-time passwords.
Can ESET Secure Authentication be used with VMWare View platform? Yes. VMware is supported by ESET Secure Authentication.
Can the ESET Secure Authentication mobile app be installed on a device that has ESET Mobile Security or ESET Endpoint Security for Android installed? Yes. The ESET Mobile Security products are separate and do not interfere with the ESET Secure Authentication mobile app.
Which languages are available? The current release is available in English. The Mobile Applications are available in Arabic, Chinese Simplified, Chinese Traditional, Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian, Slovak, Spanish and Turkish.
How does offline authentication work? If 2FA protection is enabled for offline mode, all users whose accounts are secured by 2FA and who want to use a 2FA-protected PC must log in to that PC for the very first time while the PC is online. By 'online' we mean that the main computer where the Authentication Server of ESA resides and where the ESET Secure Authentication Service service is running can be pinged from the 2FA-secured computer.
When the 2FA-secured computer is offline, and a user logs in authenticating by an OTP, the ESA Credential Provider Proxy service (ECPPS) decreases the number of available offline logins (20 by default) by 1. If the number of offline logins (20 by default) is depleted, subsequent offline authentication will not be possible. When an online login occurs, meaning when the ECCPS connects to the AS and the user authenticates via 2FA, it fills up the offline OTP cache and resets the offline login counter.