How to enable passwordless authentication over RDP for RSA MFA Agent For Microsoft Windows 2.3.6 and higher
Originally Published: 2025-09-01
Article Number
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: MFA Agent For Microsoft Windows
RSA Version/Condition: 2.3.6 or above
Issue
Passwordless authentication is not directly supported for RDP in the same way as local logon.
Resolution
For RDP to work with passwordless authentication:
- The source machine (from which the RDP session is initiated) must be RSA passwordless-enabled. Authentication happens locally on the source machine first. Once successful, a smart card logon certificate for the authenticated user is shared with the destination machine.
- The destination machine must have the Smart Card Credential Provider enabled (not filtered out) so that the incoming certificate can be used for authentication.
- The destination machine (to which the RDP session is sent) must either:
- Have the same user account present locally, or
- Be in the same ecosystem/tenant so that Windows can validate the shared Smart Card logon certificate.
Related Articles
Revoke User’s Agent Passwordless Login Certificate in the Cloud Administration Console Number of Views What are the services and processes running on the Enterprise Manager Enterprise Coordinator and Remote Site Coordinator … Number of Views Access Policy 2.0: Easily Rollout Passwordless to the Masses Number of Views Amazon Web Services Identity Router Deployment Requirements Number of Views AM 7.1- can the isMemberOf attribute in SunOne DS 6.X be used in an identity source mapping filter Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
