This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
mh3000
New Contributor
New Contributor
‎2022-07-13 01:10 PM

MFA agent not requesting password by default during windows authentication | Azure AD domain

Jump to solution

Hello fellows,

We need to deploy the MFA windows agent on one of our client's computers. 

We are using a Secureid Access cloud instance with a Identity Router.

Computers are joined to a Azure AD domain only, 100% cloud (not on premise server).

We followed the instructions given in this guide:

RSA®MFA Agent 2.1 for Microsoft WindowsInstallation and Administration Guide

We've been loading the policy template locally on each computer

mh3000_0-1657731978575.png

The issue is that by default it asks me for the reserved password or a PIN (Windows hello PIN) and this is not the desired behavior.

Imagen1.png

Imagen2.png

In order to successfully authenticate with MFA Agent, we need to select “log in with another user” and specify domain\Username, then password, and then the RSA Authenticate application token. We want the latter to be the requested data by default. How can we achieve it?

Imagen3.png

Imagen5.png

Thanks in advanced.

0 Likes
Reply
1 Solution

Accepted Solutions
cdherreramedina
New Contributor
New Contributor
‎2022-08-10 03:15 PM

Jump to solution

Hello,

 When installed the MFA Agent and have another authentication available you can choose between then in the login windows options. When you select the RSA icon it will ask for the user and password for the user domain.

 if you need to specify the format DOMAIN\Username then the windows login was changed and not use default format.

 The windows login default is sMMAccountName that send username in the format you are specify in “log in with another user”

 In the MFA Agent looking the template follow "edit group local policy" -> "computer Configuration" -> "administrative Template" -> RSA Desktop -> "Local Authentication Settings" -> "Specify the user name format send to rsa...." and here specificate the same format that using windows for.

 If login using email you can use UPN or email

cdherreramedina_0-1660158744107.png

 

regard

 

 

 

View solution in original post

Reply
1 Reply
cdherreramedina
New Contributor
New Contributor
‎2022-08-10 03:15 PM

Jump to solution

Hello,

 When installed the MFA Agent and have another authentication available you can choose between then in the login windows options. When you select the RSA icon it will ask for the user and password for the user domain.

 if you need to specify the format DOMAIN\Username then the windows login was changed and not use default format.

 The windows login default is sMMAccountName that send username in the format you are specify in “log in with another user”

 In the MFA Agent looking the template follow "edit group local policy" -> "computer Configuration" -> "administrative Template" -> RSA Desktop -> "Local Authentication Settings" -> "Specify the user name format send to rsa...." and here specificate the same format that using windows for.

 If login using email you can use UPN or email

cdherreramedina_0-1660158744107.png

 

regard

 

 

 

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.