[KB3287] ESET Secure Authentication FAQ

Solution

  1. What is ESET Secure Authentication On-Prem?
    ESET Secure Authentication On-Prem (ESA) is a mobile-based solution that uses two-factor, one-time password (2FA OTP) authentication for accessing a company’s Virtual Private Network (VPN) and Microsoft Web Applications (such as Outlook Web App).

    For more information about product features and benefits, visit the ESET Secure Authentication product page.

  2. What are the supported environments for ESET Secure Authentication Server?
    The installer automatically selects all components that can be installed on the current computer, with the exception of the Core Authentication Service, which is only selected by default on the first installation.

    • ESA Services and management tools:

    • Active Directory domain: Windows 2000 Native (minimum supported functional level)
    • Compatibility with Microsoft Threat Management Gateway (TMG) and Microsoft Internet Security and Acceleration Server (ISA).

  3. Which Microsoft Web Applications are supported?
    See the Online help topic Supported Web Applications.


  4. Which mobile devices are supported?

    • iPhone iOS 9 to iOS 13
    • Android™ 4.1 to Android 10 (Google Play Services 10.2.6 are required for both push notifications and provisioning)
    • Windows Phone 8.1 to Windows 10 Mobile

  5. How do I install and configure ESET Secure Authentication On-Prem?
    Server-side: Visit the following ESET Knowledgebase article: ESET Secure Authentication On-Prem Setup Checklist.
    Client-side (mobile app): Visit one of the following Knowledgebase articles for your mobile device

  6. Can ESET Secure Authentication On-Prem be used with ERA/ESMC/ESET PROTECT/ESET PROTECT On-Prem?
    No. ESET Secure Authentication On-Prem is not managed using ERA/ESMC/ESET PROTECT/ESET PROTECT On-Prem. However, ESET Secure Authentication Server can be installed on the same server as ERA/ESMC/ESET PROTECT/ESET PROTECT On-Prem.

  7. Can ESET Secure Authentication Server be used with my existing VPN?
    Visit our Knowledgebase article for a list of supported VPNs with links to integration guides that detail the best practices when using ESET Secure Authentication On-Prem with each.

  8. Can I use ESET Secure Authentication On-Prem to add two-factor authentication (2FA) to my existing authentication application?
    Yes, the ESET Secure Authentication API allows you to add 2FA to your existing application. For more information, see the ESET Secure Authentication API user guide.

  9. Can ESA use Push authentication for Android devices?
    Yes. In version 2.5.x and later, you can use the push authentication method on mobile devices (Android and iOS). Both OTP and Push authentication can be enabled per user in the ADUC management interface.

    For a video overview of the Push authentication feature, see the following ESET video:
    ESET Secure Authentication – Push Authentication

  10. How is ESET Secure Authentication On-Prem updated?
    In ESET Secure Authentication On-Prem (ESA) version 2.5.X and later, you can upgrade ESA by launching the installer. There is no need to manually uninstall the previous version.
    The mobile app updates over the internet using your device's app manager (for example, Google Play, Apple App Store or Windows Phone Apps store).

  11. How do I secure my Office 365 account?
    You must have AD FS 3.0 or 4.0 running and connected with Office 365. To set it up, run the ESA installer on the AD FS machine to install the plugin. After successful installation, all 2FA enabled users will be prompted for the OTP (one-time password) when logging into Office 365.

    For video instructions for configuring ESA with Office 365, see the following ESET Knowledgebase video:
    ESET Secure Authentication: Office 365 and Active Directory Federation Services Protection (ADFS)

  12. Who pays for SMS messages?
    You are responsible for all costs associated with receiving SMS messages (for example, data transmission or roaming fees).

  13. What are SMS credits?
    You use SMS credits to deliver a one-time password (OTP) via SMS, also known as "SMS OTP". From a licensing perspective, ESA version 2.8 and later distinguish between “Onboarding SMS” and “SMS OTP”. “Onboarding SMS” is used to deliver a mobile app activation link (also known as provisioning) to a user’s mobile phone. Customers do not receive any “SMS OTP” initially as part of a standard ESA license. However, they can buy additional SMS for delivering SMS OTP. We recommend using the mobile app, push notification or hard token method to generate one-time passwords.

  14. Can ESET Secure Authentication On-Prem be used with VMware View platform?
    Yes. VMware is supported by ESET Secure Authentication.

  15. Can the ESET Secure Authentication On-Prem mobile app be installed on a device that has ESET Mobile Security or ESET Endpoint Security for Android installed?
    Yes. The ESET Mobile Security products are separate and do not interfere with the ESET Secure Authentication mobile app.

  16. Which languages are available?
    The current release is available in English. The Mobile Applications are available in Arabic, Chinese Simplified, Chinese Traditional, Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Polish, Portuguese, Russian, Slovak, Spanish and Turkish.

  17. How does offline authentication work?
    If 2FA protection is enabled for offline mode, all users whose accounts are secured by 2FA and who want to use a 2FA-protected PC must log in to that PC for the very first time while the PC is online. Here, "online" means that the main computer where the ESA Authentication Server (AS) resides, and where the ESET Secure Authentication Service is running, can be pinged from the 2FA-secured computer.

    When the 2FA-secured computer is offline and a user logs in by authenticating with an OTP, the ESA Credential Provider Proxy service (ECPPS) decreases the number of available offline logins (20 by default) by one.
    If the number of offline logins is depleted, subsequent offline authentication will not be possible. When an online login occurs, meaning the ECPPS connects to the AS and the user authenticates via 2FA, the offline OTP cache is refilled and the offline login counter is reset.

Known issues

To review a detailed and up-to-date list of known issues, see Known issues for version 7 ESET business products.


Visit the ESET Secure Authentication playlist for available support videos.