How to enable passwordless authentication over RDP for RSA MFA Agent For Microsoft Windows 2.3.6 and higher
Originally Published: 2025-09-01
Article Number
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: MFA Agent For Microsoft Windows
RSA Version/Condition: 2.3.6 or above
Issue
Passwordless authentication is not directly supported for RDP in the same way as local logon.
Resolution
For RDP to work with passwordless authentication:
- The source machine (from which the RDP session is initiated) must be RSA passwordless-enabled. Authentication happens locally on the source machine first. Once successful, a smart card logon certificate for the authenticated user is shared with the destination machine.
- The destination machine must have the Smart Card Credential Provider enabled (not filtered out) so that the incoming certificate can be used for authentication.
- The destination machine (to which the RDP session is sent) must either:
- Have the same user account present locally, or
- Be in the same ecosystem/tenant so that Windows can validate the shared Smart Card logon certificate.
Related Articles
Revoke User’s Agent Passwordless Login Certificate in the Cloud Administration Console Number of Views What are the services and processes running on the Enterprise Manager Enterprise Coordinator and Remote Site Coordinator … Number of Views How to enable Active Directory diagnostic event logging. Number of Views Access Policy 2.0: Easily Rollout Passwordless to the Masses Number of Views RSA Announces RSA SecurID Authentication API 8.6 Support for OpenJDK 1.8 64-Bit Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
