Hello,
In the past we used the standard Windows agent with Authentication Manager in order to protect RDP access.
The use case we had is that ONLY the first time does a user enter his credentials and then the hardware or software tokencode. At the next login the user inserted ONLY the tokencode, without inserting the AD domain password again.
Now we are moving to the RSA MFA agent in order to add push notification/approve functionality in the same use case, where users log in over RDP to a Windows machine.
My questions are:
1. Do we need to insert the domain password of the user every time before receiving the push notification in the app? Or is the MFA agent able (like the standard agent) to cache the password of the user, so that the user ONLY has to insert the tokencode OR accept the approve notification (depending on the policy) in the app?
2. During the access, is it possible for the user to select the best solution for him to use, like selecting token or push or call?
Thanks
Hi Falco - please see my answers below:
1. Do we need to insert the domain password of the user every time before receiving the push notification in the app? Or is the MFA agent able (like the standard agent) to cache the password of the user, so that the user ONLY has to insert the tokencode OR accept the approve notification (depending on the policy) in the app?
Yes, the current MFA Agent version 1.2 requires entering the Windows password to unlock before (optionally) requiring additional authentication.
2. During the access, is it possible for the user to select the best solution for him to use, like selecting token or push or call?
Yes, the user can select the desired additional authentication method from the available methods the administrator has configured in the Cloud Administration Console's access policy.
Hope that helps,
Ted