Product manual
11.1.2 On-demand SMS-based OTPs
ESET Secure Authentication supports "On-demand SMS OTPs" for certain systems that support primary authentication against
Active Directory and secondary authentication against a RADIUS server. In this scenario, users that have already been
authenticated against Active Directory may type the letters 'sms' to receive a One Time Password via SMS.
NOTE: This feature should only be used when instructed to do so by an official ESET Secure Authentication Integration Guide, as it
may allow users to authenticate with only an OTP if used incorrectly.
11.1.3 Mobile Application
This scenario occurs if the user is configured to use only the Mobile Application and the RADIUS client is configured to use Mobile
Application-based OTP authentication.
The user logs in with an OTP generated by the Mobile Application. Note that PIN enforcement is strongly recommended in this
configuration to provide a second authentication factor.
Supported PPTP Protocols: PAP, MSCHAPv2.
Compound Authentication Enforced
This scenario occurs if the RADIUS client is configured to use Compound Authentication. This authentication method is restricted
to users who are configured to use the Mobile Application.
In this scenario, a user logs into the VPN by entering their Active Directory (AD) password concatenated with an OTP generated by
the Mobile Application. For example, given an AD password of 'password' and an OTP of '123456', the user enters
'password123456' into the password field of their VPN client.
Supported authentication protocols: PAP.
11.1.4 Hard Tokens
This scenario occurs if both the user and the RADIUS client are configured to use Hard Token OTPs.
In this configuration, a user logs into the VPN by entering their Active Directory (AD) password concatenated with an OTP
generated by their Hard Token. For example, given an AD password of 'password' and an OTP of '123456', the user enters
'password123456' into the password field of their VPN client.
Supported authentication protocols: PAP.
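The following is an added example, not ESET code, for the concatenated credential used in the Compound Authentication and Hard Token scenarios. It shows why only PAP fits: the RADIUS server can reverse the RFC 2865 User-Password hiding to recover the typed string and split it into its two factors, whereas a challenge-response protocol such as MSCHAPv2 never gives the server a recoverable password. The 6-digit OTP length (taken from the '123456' example), the function names and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac

OTP_LEN = 6  # assumption: 6-digit OTP, as in the manual's '123456' example


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS client side: hide User-Password as in RFC 2865, section 5.2."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: recover the cleartext the user typed."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def split_compound(credential: str) -> tuple[str, str]:
    """Split '<AD password><OTP>'; the OTP is the fixed-length numeric tail."""
    password, otp = credential[:-OTP_LEN], credential[-OTP_LEN:]
    if not password or not (otp.isascii() and otp.isdigit()):
        raise ValueError("expected <password> followed by a 6-digit OTP")
    return password, otp


def verify(credential: str, ad_password: str, expected_otp: str) -> bool:
    """Accept only if both factors match; comparisons are constant-time."""
    try:
        password, otp = split_compound(credential)
    except ValueError:
        return False
    return (hmac.compare_digest(password.encode(), ad_password.encode())
            & hmac.compare_digest(otp.encode(), expected_otp.encode()))


if __name__ == "__main__":
    secret, req_auth = b"constructed-shared-secret", bytes(range(16))  # sample values
    wire = pap_hide(b"password123456", secret, req_auth)
    typed = pap_reveal(wire, secret, req_auth).decode()
    print(split_compound(typed), verify(typed, "password", "123456"))
```

Because the OTP is taken from the fixed-length tail, an AD password that itself ends in digits still splits correctly, and a submission with an empty password portion is rejected rather than treated as OTP-only.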
11.1.5 Migration from SMS-Based OTPs to Mobile Application
This scenario occurs if the user is configured to use both SMS-based OTPs and the Mobile Application, and the RADIUS client is
configured to use OTP authentication.
In this configuration, the user may use either the SMS-based OTP or Mobile Application OTP scenarios (as described above) to log
in.
If the user logs in with an OTP generated with their Mobile Application, SMS OTP authentication will automatically be disabled.
On subsequent attempts, SMS-based OTPs will not be accepted as log-in credentials.
Supported authentication protocols: PAP, MSCHAPv2.
11.1.6 Non-2FA Pass-through
This scenario occurs if the user is not configured for SMS-, Mobile Application- or Hard Token-based OTPs, and the RADIUS client
configuration option to allow Active Directory passwords without OTPs is selected.
In this configuration the user logs in with their Active Directory password.
Supported authentication protocols: PAP, MSCHAPv2.
NOTE: For Microsoft Routing & Remote Access Server (RRAS) PPTP VPNs, the VPN connection is not encrypted when the PAP
authentication protocol is used, so PAP is not recommended for these VPNs. Most other VPN providers encrypt the connection
regardless of the authentication protocol in use.