macOS administrator locked out due to RSA MFA Agent for macOS misconfiguration
Originally Published: 2020-06-24
Article Number
Applies To
RSA Product/Service Type: MFA Agent for macOS
RSA Version/Condition: 1.x
Issue
Cause
Workaround
- SSH to the macOS machine using an administrator account and edit the agent settings at /Library/Preferences/com.rsa.mfaconfig.plist. Options include setting disableCASforUnknownUser=true or enableCAS=false.
- SSH to the macOS machine using an administrator account and uninstall the RSA MFA Agent for macOS by running the following command:
sudo /Library/Application Support/RSA MFA Agent/UninstallRSAmacOSAgent.sh
- Sync the administrator (using sAMAccountName or equivalent) from your identity source to the Cloud Authentication Service and have the admin user register a mobile device. This will allow the administrator to meet the additional authentication requirement enforced by the RSA MFA Agent for macOS.
Related Articles
RSA Announces the Release of RSA MFA Agent 2.0 for macOS Number of Views RSA MFA Agent 2.0 for macOS Installation and Administration Guide Number of Views Deploy the RSA MFA Agent for macOS via Microsoft Intune Number of Views RSA Announces that RSA SecurID Software Token 4.2.1 for Mac is Qualified on Mac OS 10.15 Catalina Number of Views PKInstallErrorDomain Code=112 seen when installing RSA MFA Agent for Mac 2.0 .pkg on MacOS 26.0.1 Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
