in the past we used the standard windows agent with Authentication Manager in order to protect rdp access.
The use-case we had is that ONLY the first time a user enters his credentials and then the hardware or software tokencode. The next login user inserted ONLY the tokencode, without inserting again the AD domain password.
Now, we are moving to the RSA MFA agent in order to add push notification/approve functionality in the same use-case where users login in rdp to a windows machine.
My questions are:
1. We need every time to insert the domain password of the user before receive the push notification in the app? Or the MFA agent is able (like the standard agent) to cache the password of the user, so that the user has ONLY to insert the tokencode OR accept the approve notification (depends by the policy) in the app?
2. During the access, is it possible for the user to select the best solution for him to use, like selecting token or push or call?