Product manual

11.1.7 Access Control Using Group Membership
ESA can restrict VPN login using 2FA to members of a specific AD security group. This is configured per RADIUS client, under
the Access Control heading.
11.1.8 Hard Tokens
This scenario occurs if both the user and the RADIUS client are configured to use Hard Token OTPs.
In this configuration, a user logs into the VPN by entering their Active Directory (AD) password concatenated with an OTP
generated by their Hard Token. For example, given an AD password of 'password' and an OTP of '123456', the user enters
'password123456' into the password field of their VPN client.
Supported authentication protocols: PAP.
11.2 OTPs and Whitespace
OTPs are displayed in the mobile application with a space between the 3rd and 4th digits in order to improve readability. All
authentication methods except MS-CHAPv2 strip whitespace from the provided credentials, so a user may include or exclude
whitespace without affecting authentication.
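The concatenation rule in 11.1.8 and the whitespace rule in 11.2 together determine how a RADIUS server must split a PAP password field into the AD password and the OTP. The following is an added Python example, not ESA's own code; it assumes a fixed 6-digit OTP (as in the manual's '123456' example) and stands in for the real AD and token checks with constructed expected values.

```python
import hmac
import re
from typing import Tuple

# Assumption: OTPs are 6 digits, as in the manual's '123456' example.
OTP_DIGITS = 6

# Matches the trailing OTP digits, tolerating whitespace between them
# (the mobile app displays OTPs as '123 456') and around them.
_OTP_TAIL = re.compile(r"((?:\s*\d){%d})\s*$" % OTP_DIGITS)


def split_compound_credential(password_field: str) -> Tuple[str, str]:
    """Split '<AD password><OTP>' as received in a PAP password field.

    Returns (ad_password, otp) with whitespace removed from the OTP.
    Raises ValueError if no complete OTP is present or the AD password is empty.
    """
    match = _OTP_TAIL.search(password_field)
    if match is None:
        raise ValueError("password field does not end with a %d-digit OTP" % OTP_DIGITS)
    ad_password = password_field[:match.start()]
    otp = re.sub(r"\s", "", match.group(1))
    if not ad_password:
        raise ValueError("compound credential is missing the AD password part")
    return ad_password, otp


def verify_hard_token_login(password_field: str,
                            expected_ad_password: str,
                            expected_otp: str) -> bool:
    """Simulate the RADIUS-side check for the Hard Token scenario.

    Constructed stand-in: a real deployment validates the first part against
    Active Directory and the second against the token; here both expected
    values are supplied directly.
    """
    try:
        ad_password, otp = split_compound_credential(password_field)
    except ValueError:
        return False
    # Evaluate both factors before combining so a timing difference does not
    # reveal which one failed.
    password_ok = hmac.compare_digest(ad_password.encode(), expected_ad_password.encode())
    otp_ok = hmac.compare_digest(otp.encode(), expected_otp.encode())
    return password_ok and otp_ok


if __name__ == "__main__":
    # Constructed sample inputs, as a user would type them into the VPN client.
    for field in ("password123456", "password123 456", "password12345"):
        print(repr(field), "->", verify_hard_token_login(field, "password", "123456"))
```

Because MS-CHAPv2 never delivers the plaintext password field to the server, this kind of splitting is only possible with PAP, which is why the table in 11.3 lists compound and hard-token scenarios as PAP-only.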
11.3 ESA Authentication Methods and PPP Compatibility
This section explains which PPP authentication methods are compatible with which ESA authentication methods. The VPN server
must be configured to allow all protocols that clients might want to use. End-user VPN clients need only be configured for a single
protocol.
Whenever more than one protocol is supported, VPN clients should be configured to use MS-CHAPv2 with 128-bit MPPE. This
means that PAP is only recommended for Compound Authentication.
| Authentication Method                          | PAP       | MS-CHAPv2     | MS-CHAPv2 with MPPE |
|------------------------------------------------|-----------|---------------|---------------------|
| SMS-Based OTPs                                 | Supported | Supported     | Supported           |
| On-demand SMS-Based OTPs                       | Supported | Not supported | Not supported       |
| Mobile Application (OTP Only)                  | Supported | Supported     | Supported           |
| Mobile Application (Compound Authentication)   | Supported | Not supported | Not supported       |
| Hard Token OTPs                                | Supported | Not supported | Not supported       |
| Active Directory passwords without OTPs        | Supported | Supported     | Supported           |
12. Auditing and Licensing
12.1 Auditing
ESA records audit entries in the Windows event log, specifically the Application log under the Windows Logs section. The
Windows Event Viewer can be used to view the audit entries.
Audit entries fall into the following categories:
User auditing
  o Successful and failed authentication attempts
  o Changes to 2FA state, for example, when a user account becomes locked
System auditing
  o Changes to ESA settings
  o When ESA services are started or stopped