VladimirVladimir
-
Posts
49 -
Joined
-
Days Won
1
Posts posted by VladimirVladimir
-
-
Hi Jackie
you can create a support ticket directly from the ESA web console. Click "Submit feedback" on the left menu bar and choose the second option "Report an issue or a bug".
regards
vladimir
-
Hi
I was told by our support team that you have successfully resolved this issue. Let us know if you have any further questions.
regards
v.
-
Hi
can you let us know, what version of the product you are using?
regards
v.
-
Hi
These are completely normal information/records. We know about them and they do not point to any bug or problem. These errors started to appear as a side effect when we changed the push signatures sending from provisioning server but the consequence is that current cores (2.7.x and older) print these messages.
In next ESA version, they will not appear.
We are sorry for the inconvenience.
It is not possible to suppress those events now.We hope that your monitoring software is capable to exclude them from watching.
regards
vladimir
-
We keep it there because, any other user without 2FA turned on can manage it via ADUC. Or you can turn off 2FA for web console to get access to ADUC specially ESA "tab" there.
-
Hi
in general, if you have a compatible (https://help.eset.com/esa/27/en-US/hard_tokens.html?zoom_highlightsub=hard) hard token there are two ways:
1. User has a hard token with a small display, when OTPs are displayed. He re-types the current on into the second factor prompt during the login process
2. User, when prompted with the second factor during the login process, inserts the key into the USB port and touch a button on the key and it automatically re-types the OTP into the second factor prompt for him, no need to re-type it manually (e.g. Yubikeys).
regards
v.
-
Hi there
it seems that you can find a solution on this help page https://help.eset.com/esa/27/en-US/index.html (look for highlighted rectangle),
regards
vladimir
-
Hi there
it seems that you can find a solution on this help page https://help.eset.com/esa/27/en-US/index.html (look for highlighted rectangle),
regards
vladimir
-
Hi there
there could be several reasons. This probably means, that the computer is in "offline mode" that means, it does not "see" ESA core server.
Please make sure, that the computer sees the core (at least one time) so its able to switch to "offline mode" correctly (mind the fact that offline mode has its limits).
regards
v.
-
Hello
In ESA 2.7, use RevokeHardTokenFromUser API call (see API documentation for the API usage and the usage of the method).Regards
vladimir
-
Hi there
not sure on what version are you but in version 2.7 you have several options how to add users. More details here: https://help.eset.com/esa/27/en-US/?user_management.html
regards
vladimir
-
Hi there
we would like very much to investigate this in detail. Are you able to create an official support ticket for this issue (via local reseller, partner, or directly) so the team can investigate further?
Note: Please be more specific, if you mean Local login (win) protection or RDP. And describe in more detail what was the original environment and exact build you updated to. Or any other information to help us understand the setup.
Let me know.
regards
vladimi
-
Hi
Adding one more detail. I mentioned before, that there no way to customize contents of the SMS in standard ESA product. But there is other way I didn´t mention earlier.
Can I change the text of sms?
Authentication server (AD product) - no. But you can use custom delivery option (but then you have to send the message yourself).
SDK - yes (TwoFactorConfiguration.AppInstallTextMessageText, TwoFactorConfiguration.TextMessageOTPText).regards
v.
-
Hi
Can I make a custom page for OTP?
No.
But in IISFilter (SharePoint etc.) and AD FS, logo can be customized (since 2.6, create C:\ProgramData\ESET Secure Authentication\Customization\logo.png).
__esaInternalContent is built-in to IISFilter.dll. There is no official way of changing it.v.
-
Hi there
- At the moment, you can add company logo into the OTP page. Further customizations are not possible at the moment.
-
With standard ESA, you get the API. To use the API, you need to have Active Directory in place. With the ESA SDK, you do not need to have Active Directory in place. For basic overview, see this document (https://cdn1.esetstatic.com/ESET/INT/Docs/Others/ESA/ESA-Custom-Integration-via-SDK-and-API.pdf)
- In the upcoming release of ESA, we introduce new API, reworked from the ground up, with dozens of new capabilities and independence from Active Directory
Regards
vladimir
-
Hi there
we apologize for the inconvenience. We are aware of this issue and are working on a resolution in future releases.
regards
v.
-
You need to use an user which is in Domain Admins and Schema Admins groups.
Because:
-
you need to be able e.g. to extend schema, add DNS entry, create AD groups
- as far as I know, these operations cannot be delegated (if you mean the Delegation of Control Wizard in ADUC) - or do you believe they can be delegated?
- and that's why there are prerequisites in the installer which check specifically if you are in that groups - they do not check any delegation or actual permissions or ability to do the required operations
But, note that you do not have to use the default Administrator account created while installing the domain.
You can create a new arbitrary user and add that user (temporarily) to the Domain Admins and Schema Admins groups and use that user to install ESA.To install additional components then (e.g. Windows Logins), you can use the NO_DOMAIN_ADMIN_MODE (while adding the computer accounts to EsaServices manually).
-
you need to be able e.g. to extend schema, add DNS entry, create AD groups
-
Hi there
for ESA installation you need domain admin and schema admin. Schema admin is needed only initially (sometimes schema admin is included in the domain admin).
For more details please check product documentation: LINK
regards
vladimir
-
Hi there
ESET Secure Authentication needs internet connection to be fully functional (during setup, license activation, user provisioning, Push authentication, SMS OTPs) but there is an option to choose authentication method such as generating OTPs in ESA mobile app (after provisioning of users which needs connection) or use of hardware tokens in offline environments. So if you are able to have it online during installation. activation, provisioning of users (in the case of mobile app) and then put it in offline state, it should work.
If you are not able to keep it online during the initial steps, please contact ESET support directly to discuss what and if there are other options for the customer.
regards
vladimir
-
6 minutes ago, bbahes said:
Will you make feature comparison available?
Yes, with public release of the product.
-
Hi Mike
as this product is not yet publicly available, we are not able to share all the details. First and foremost, ESET Cloud Administrator will be a brand new product (not a successor to ERA6) designed for Small & Medium business customers, requesting simplistic & straight-forward operation without hassles. Despite the fact that it will be based on similar architecture and concepts known from ERA6. However some functionality was re-worked to support cloud hosting, some was omitted as is not valid for Small & Business Customers, and some added, in order to optimize user experience.
Major difference will be a Quick setup - there will be only few simple steps which needed to be done to make the solution up and running. After creating an ESET business account it will take just a few clicks to create a dedicated cloud console. With the help of live-installers adding a computer will be a simple and streamlined activity.
All the usual stuff, typical for on-premise software such as initial configuration, setup, suitable hardware, and related maintenance will be taken care of automatically in the background by ESET.
Regarding the functionality, there will be a huge overlap with ERA6 functionality with focus on simplicity of use.
We will share more details when the product will be publicly announced.
regards
vladimir
-
Configuring AD FS for Office 365 has nothing to do with ESET Secure Authentication directly. ESA is just a plugin on the top of that, utilizing already configured environment. That´s why we do not cover such topics in related product documentation.
How to properly configure ADFS to work with Office 365 can be found on Microsoft support pages: https://blogs.technet.microsoft.com/rmilne/2017/04/28/how-to-install-ad-fs-2016-for-office-365/
regards
vladimir
-
Hi there
in general, it is really hard for us to provide help if we do not receive log files from the product to investigate possible issue, but it seems (according to the issue number) that it has to do something with compatibility between components.
It seems that you have installed latest RDP plugin and ESA server (on the new server) and when accessing the new server via RDP (with ESA plugin), the newest plugin is connecting to the old ESA server , installed on the old server.
Try to deactivate/uninstall ESA core on the old server. Or even better, before doing anzthing, trz to share as much details as possible with us, e.g. esa server versions, plugin version, better describe zour actual setup, what computer is connecting to which, domain description etc. So we can make a better decision.
As we are at the moment guessing what could went wrong and there will be some follow up activities needed, please try to contact you regional reseller to create an official support ticket for you, so relevant team can help you. Or if you are an reseller/disributor, you are able to create a support ticket directly.
v.
-
Hi there
mandatory prerequisite is to configure your AD FS to provide authentication to Office 365. If this was done and ESA plugin installed it should work. Did you configure your ADFS/365 correctly?
v.
ESET ESA 3 cases
in ESET Products for Mobile Devices
Posted
Hi
The 3rd scenario seems identical to Scenario 2. Or did you mean a scenario where mobile device is offline and also the computer is offline? If yes, it depends how you configured settings (see screenshot) in console:
regards
vladimir