This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
RickGrant
Beginner
Beginner
‎2017-11-20 10:56 AM

Why do I have to authenticate 3 times?

I have a configuration question regarding the RSA Authentication Manager v7.3.3 I just installed on a Windows 2008 R2 server. I did not install the GPO templates. I configured the authentication manger to require 2 factor authentication for a specific group of users. When I login to the server via RDP as a member of that group, I have to authenticate 3 times, first with Windows credentials, then my RSA Passcode, then Windows password again.  Ideally, I would like to only login using my username and RSA passcode. Is this possible?  If so, what configuration parameter did I miss? 

 

Thank you in advance for your help.

0 Likes
Reply
6 Replies
YasmineDowidar
Respected Contributor Respected Contributor
Respected Contributor
‎2017-11-21 10:35 AM

Hi 15zto3wAGzGmcoYR0otFDJCXElq8kO29IorXXodFIU4=‌,

 

I have moved this thread to the https://community.rsa.com/community/products/securid?sr=search&searchId=ddb326d3-30e6-42d1-b2c6-a24853ed9aca&searchIndex=0‌ page so you can get an answer to your question.

 

Thanks,

Yasmine

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2017-11-21 02:54 PM

In the old days Microsoft login with RDP mechanism allowed that. With the new way Microsoft runs RDP and credential manager logins, there is not yet a way I am aware of, to avoid using the windows password twice.

Reply
RickGrant
Beginner
Beginner
In response to YasmineDowidar
‎2017-11-21 02:59 PM

Thank you.

0 Likes
Reply
RickGrant
Beginner
Beginner
In response to EdwardDavis
‎2017-11-21 03:03 PM

Not what I was wanting to hear, but answered none the less.  Thank you for your help.

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to RickGrant
‎2017-11-21 03:19 PM

Let me add to this...windows password integration may help (depending on your setup and 'flow')

 

the second windows password at the RDP destination, might be captured by the RSA windows agent on that machine, and stored on the RSA server, and replayed the next time. So, if you do enable windows password integration, in some setups, you can hide the fact a windows password is needed if the agent can fetch the stored copy, and replay it for the login you are facing. This works to alleviate the need to type in windows password, but it may or may not work for your particular setup and 'chain of login events'. But if you are not using it now, enabling it might help. It will need to ask for the windows password once to capture it, then the next time around, it might allow you through with just the token passcode while it replays the windows password silently in the background for you.

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2017-11-21 04:46 PM

You could take a look at https://community.rsa.com/message/895107?commentID=895107#comment-895107 

to get a sense of what Windows 10 is doing and how AM agent currently handles this, and why in some cases you can have three prompts.

Basically we are adding every App you might use or 'Run As' to the GPO or Registry, in order to tell Windows not to prompt for Step-up on access just because the RSA Credential Provider is on the platform

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.