How to enable passwordless authentication over RDP for RSA MFA Agent For Microsoft Windows 2.3.6 and higher
Originally Published: 2025-09-01
Article Number
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: MFA Agent For Microsoft Windows
RSA Version/Condition: 2.3.6 or above
Issue
Passwordless authentication is not directly supported for RDP in the same way as local logon.
Resolution
For RDP to work with passwordless authentication:
- The source machine (from which the RDP session is initiated) must be RSA passwordless-enabled. Authentication happens locally on the source machine first. Once successful, a smart card logon certificate for the authenticated user is shared with the destination machine.
- The destination machine must have the Smart Card Credential Provider enabled (not filtered out) so that the incoming certificate can be used for authentication.
- The destination machine (to which the RDP session is sent) must either:
- Have the same user account present locally, or
- Be in the same ecosystem/tenant so that Windows can validate the shared Smart Card logon certificate.
Related Articles
Revoke User’s Agent Passwordless Login Certificate in the Cloud Administration Console Number of Views Access Policy 2.0: Easily Rollout Passwordless to the Masses Number of Views What are the services and processes running on the Enterprise Manager Enterprise Coordinator and Remote Site Coordinator … Number of Views How to enable Active Directory diagnostic event logging. Number of Views How to enable the SSO Configuration menu in the RSA Mobile Lock Console Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
