An administrator enabled the RSA MFA Agent for macOS to require additional authentication during macOS authentication. The administrator is no longer able to log in to the macOS machine.
The administrator is not synced to the Cloud Authentication Service. The RSA MFA Agent for macOS option to Disable Cloud Authentication Service Authentication for Unknown User configuration property has not been enabled.
There are three options to allow the administrator to regain access to the macOS machine. Choose one of the following:
SSH to the macOS machine using an administrator account and edit the agent settings at /Library/Preferences/com.rsa.mfaconfig.plist. Options include setting disableCASforUnknownUser=true or enableCAS=false.
SSH to the macOS machine using an administrator account and uninstall the RSA MFA Agent for macOS by running the following command:
Sync the administrator (using sAMAccountName or equivalent) from your identity source to the Cloud Authentication Service and have the admin user register a mobile device. This will allow the administrator to meet the additional authentication requirement enforced by the RSA MFA Agent for macOS.