mh3000 (Customer) to rsaSFDCadmin (RSA): asked a question.

MFA agent not requesting password by default during Windows authentication | Azure AD domain
Hello fellows,

We need to deploy the MFA Windows agent on one of our client's computers.

We are using a SecurID Access cloud instance with an Identity Router.

Computers are joined to an Azure AD domain only, 100% cloud (no on-premises
server).

We followed the instructions given in this guide:

RSA® MFA Agent 2.1 for Microsoft Windows Installation and Administration Guide

We've been loading the policy template locally on each computer.

![mh3000_0-1657731978575.png](https://community.rsa.com/t5/image/serverpage/image-id/414567i295368AEA5111611/image-size/medium?v=v2&px=400)

The issue is that by default it asks me for the reserved password or a PIN
(Windows Hello PIN), and this is not the desired behavior.

![Imagen1.png](https://community.rsa.com/t5/image/serverpage/image-id/414564i6E384EBC1EB63317/image-size/medium?v=v2&px=400)

![Imagen2.png](https://community.rsa.com/t5/image/serverpage/image-id/414562i13817A3E23ADD299/image-size/medium?v=v2&px=400)

In order to successfully authenticate with MFA Agent, we need to select “log
in with another user” and specify domain\Username, then password, and then the
RSA Authenticate application token. We want the latter to be the requested
data by default. How can we achieve it?

![Imagen3.png](https://community.rsa.com/t5/image/serverpage/image-id/414565i3D1CB2442768A51E/image-size/medium?v=v2&px=400)

![Imagen5.png](https://community.rsa.com/t5/image/serverpage/image-id/414568iAF70FE02891D3A68/image-size/medium?v=v2&px=400)

Thanks in advance.

  • admin9 (RSA)

    Hello,

    When the MFA Agent is installed and another authentication method is
    available, you can choose between them in the Windows login options. When you
    select the RSA icon, it will ask for the user and password for the user domain.

    If you need to specify the format DOMAIN\Username, then the Windows login was
    changed and does not use the default format.

    The Windows login default is sAMAccountName, which sends the username in the
    format you are specifying in “log in with another user”.

    In the MFA Agent template, follow "edit group local policy" ->
    "computer Configuration" -> "administrative Template" -> RSA Desktop -> "Local
    Authentication Settings" -> "Specify the user name format send to rsa...." and
    there specify the same format that Windows is using.

    If you log in using email, you can use UPN or email.

    ![cdherreramedina_0-1660158744107.png](https://community.rsa.com/t5/image/serverpage/image-id/415209i3F37E45D7394D82C/image-dimensions/530x302?v=v2)



    Regards
    Selected as Best