CyberArk pass-through authentication stops at the login screen when the RSA Authentication Agent 7.x for Windows is installed
RSA Product Set: SecurID RSA Product/Service Type: Authentication Agent for Windows RSA Version/Condition: 7.x
The CyberArk or mRemoteNG pass-through authentication stops at the login screen when RSA Authentication Agent 7.x for Windows is installed.
When a username and password is pre-provided on a published application,like CyberArk,Microsoft Remote Desktop Connection (mRemoteNG), the users will see the login screen again if the RSA Authentication Agent 7.x for Windows is installed.
Login to the machine where the RSA Authentication Agent for Windows is installed, with an administrator user who has read/write/execute permissions to the local group policy editor.
In the Run box, type gpedit.msc and press Enter to access the local group policy editor.
In the Local Group Policy Editor, navigate to Computer Configuration\Administrative Templates\Classic Administrative Templates\RSA Desktop\Local Authentication Settings\.
Select the policy named Enable the Logon with credentials with remote applications.
At the Accept remote credentials option, select All remote applications, as shown below:
Click Apply and OK.
Close the Local Group Policy Editor.
From Start > Run, type cmd and press Enter.
In the command prompt, type the command gpupdate /force then press Enter:
C:\Users\administrator> gpupdate /force
Computer Policy update has completed successfully.
User Policy update has completed successfully.
Log off from the desktop and try to login again
This allows the authentication agent to use the credentials received from remote applications. Now the user should be able to login without an authentication prompt for unchallenged users.
Challenged users will still continue to get the passcode prompt and they need to authenticate using their RSA SecurID token.