Product manual
18
are displayed in the mobile application with a space between the 3rd and 4th digits in order to improve readability. The Web
Application Protection module strips whitespace, so a user may include or exclude whitespace when entering an OTP
without affecting authentication.
4. If a valid OTP is entered, then the user will be redirected to the page they originally requested. The user will then be able to
interact with the Web App.
5. If an invalid OTP is entered, then an error message will be displayed and the user will not be allowed access to the web
application, as per the figure below.
6.
7. Remote Desktop Protection
The ESA Remote Desktop Protection module adds 2FA into the authentication process of Remote Desktop users. The module will be
loaded the next time a 2FA-enabled user attempts to use Remote Desktop to log in to a remote computer on which the ESA
Credential Provider has been installed.
Users will log in using the normal authentication process of Remote Desktop. After being authenticated by Remote Desktop, the
user will be prompted for an OTP. The user will only be allowed access to his or her computer if a valid OTP is entered.
The user's 2FA session will remain active until they log out or disconnect from the Remote Desktop session.
7.1 Configuration
To configure Remote Desktop 2FA for ADUC users, you must enable 2FA for the desired user(s). Those users must also be permitted
to log in via Remote Desktop.
7.1.1 Allowing Non-2FA Users
The module can be configured either to allow or to prohibit users that do not have 2FA enabled from logging in to remote
computers with Remote Desktop Protocol, through the "Users without 2FA enabled may still log in" configuration option.
A non-2FA login occurs if the user is configured for neither SMS-based OTPs nor the Mobile Application and the Remote Desktop
configuration option to allow non-2FA users to log in is enabled. This configuration option defaults to being enabled after
installation.
In this configuration, a user can log into the remote computer with their Active Directory password.
If the configuration option to allow non-2FA users is disabled, then the user will not be able to log into remote computers with
Remote Desktop Protocol.
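The following is an added illustrative model of the two rules described on this page (whitespace-insensitive OTP entry, and the "Users without 2FA enabled may still log in" option with its default of enabled). It is not ESET's code; the `User` fields, `rdp_decision` and `allow_non_2fa` names are assumptions chosen for the example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of the Remote Desktop 2FA gate described in the manual.
# Not ESET's implementation: it only illustrates the decision rules.


@dataclass
class User:
    name: str
    sms_otp: bool = False      # SMS-based OTP configured for this user?
    mobile_app: bool = False   # Mobile Application configured for this user?


def has_2fa(user: User) -> bool:
    """A user counts as 2FA-enabled if either OTP delivery method is configured."""
    return user.sms_otp or user.mobile_app


def normalize_otp(entered: str) -> str:
    """Strip all whitespace so '123 456' (as shown in the app) equals '123456'."""
    return "".join(entered.split())


def otp_matches(entered: str, expected: str) -> bool:
    """Constant-time comparison after normalization; rejects non-digit input."""
    cleaned = normalize_otp(entered)
    if not cleaned.isdigit() or len(cleaned) != len(expected):
        return False
    return hmac.compare_digest(cleaned.encode(), expected.encode())


def rdp_decision(user: User, password_ok: bool, entered_otp: Optional[str],
                 expected_otp: Optional[str], allow_non_2fa: bool = True) -> str:
    """Return 'allow', 'deny' or 'prompt_otp'.

    allow_non_2fa defaults to True, matching the post-installation default of
    the "Users without 2FA enabled may still log in" option.
    """
    if not password_ok:
        return "deny"                       # normal Remote Desktop authentication failed
    if not has_2fa(user):
        return "allow" if allow_non_2fa else "deny"
    if entered_otp is None:
        return "prompt_otp"                 # second step: ask the user for an OTP
    return "allow" if otp_matches(entered_otp, expected_otp or "") else "deny"
```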