Restore RSA MFA Agent Plugin
2 years ago
Article Number
000072167
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: MFA Agent
RSA Version/Condition: All Versions
Platform: macOS
Issue
After macOS software is updated, users may not see the RSA MFA challenge at login and unlock.
Cause
When macOS is updated, the OS automatically removes the MFA Agent plugin entry from system.login.console and/or system.login.screensaver. As a result, users are not challenged for MFA authentication at login and/or unlock.
macOS also removes third-party plugins of MFA vendors if there are changes that could affect the relevant authorization databases. For example, after the upgrade of macOS Monterey to version 12.3 or higher, the RSA MFA Agent plugin entry was removed from 'system.login.console'.
 
Workaround

Prerequisites (to be executed by an administrator):

1. Copy RestoreRSAPlugin.sh to the /Library/Application Support/RSA MFA Agent/ folder using the following command:

sudo cp RestoreRSAPlugin.sh /Library/Application\ Support/RSA\ MFA\ Agent/


2. Make sure the file permission is set to 751 using the following command:

sudo chmod 751 /Library/Application\ Support/RSA\ MFA\ Agent/RestoreRSAPlugin.sh  

About the script:

This script verifies and restores the RSA MFA Agent plugin. If the plugin is removed during a macOS update, the script can be executed with no arguments or with the “EnableMonitor” or “DisableMonitor” argument.

1. No arguments:
Executing the script without arguments verifies and restores the RSA MFA Agent plugin on the existing macOS version (it will not monitor for RSA MFA Agent plugin removal for future macOS updates). After executing this command, restart the machine to enable the plugin to function at the console and screensaver. 

Command:

sudo /Library/Application\ Support/RSA\ MFA\ Agent/RestoreRSAPlugin.sh 


Note: This option does not monitor the RSA MFA Agent plugin.

2. EnableMonitor:
Executing the script with “EnableMonitor” as an argument adds a daemon service that monitors for the RSA MFA Agent plugin after macOS restarts. This adds the RSA MFA Agent plugin as per the Agent configuration and restarts the machine so that the plugin can function. If the plugin has already been removed, this option restores it when the machine is restarted.

Command:

sudo /Library/Application\ Support/RSA\ MFA\ Agent/RestoreRSAPlugin.sh EnableMonitor


3. DisableMonitor:
Executing the script with “DisableMonitor” removes the daemon service, which stops monitoring for the RSA MFA Agent plugin.

Command:

sudo /Library/Application\ Support/RSA\ MFA\ Agent/RestoreRSAPlugin.sh DisableMonitor


Note: macOS updates must be verified on a test machine before users upgrade their systems. If the RSA MFA Agent plugin is removed during the verification process, administrators have to enable the plugin to make sure that the latest macOS updates do not impact the Agent login. Depending on how the infrastructure is managed, administrators can use the different modes provided by the RestoreRSAPlugin.sh script: enable the RSA MFA Agent plugin one time, or add a daemon service that monitors the RSA MFA Agent plugin for future macOS updates.

It is strongly recommended that the macOS update is validated on a test machine, to check whether the plugin is removed, before it is pushed to end-user computers. If the plugin is removed, enable it with the script and verify that the Agent functions correctly.
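
One way to run that test-machine check, as an added example (it is not part of RestoreRSAPlugin.sh or of the original article): the script reads each right with the macOS `security authorizationdb read` command and reports whether the plugin entry is still listed. The article does not give the plugin's entry name, so it is passed as an argument; `ExampleMFAPlugin` and the sample plist are constructed for illustration.

```shell
#!/bin/sh
# Added example, not RSA code. Checks whether a plugin entry is still listed
# in a macOS authorization right after an OS update.

# has_plugin_entry PATTERN
# Reads a right's plist on stdin; succeeds only if a <string> inside the
# "mechanisms" or "rule" array contains PATTERN (other keys are ignored).
has_plugin_entry() {
    awk -v pat="$1" '
        /<key>(mechanisms|rule)<\/key>/ { in_list = 1; next }
        in_list && /<\/array>/          { in_list = 0 }
        in_list && /<string>/ && index($0, pat) { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of a right; $1 is an optional extra mechanism line.
sample_right() {
    cat <<EOF
<dict>
    <key>class</key>
    <string>evaluate-mechanisms</string>
    <key>comment</key>
    <string>ExampleMFAPlugin appears here only as a comment</string>
    <key>mechanisms</key>
    <array>
        <string>builtin:policy-banner</string>
        <string>loginwindow:login</string>
$1
        <string>loginwindow:done</string>
    </array>
</dict>
EOF
}

# Live check (macOS only). $1 is the plugin entry name, copied from a
# known-good machine; the article does not give it, so none is hard-coded.
# A right the Agent was never configured to protect also reports MISSING.
if [ "$(uname)" = "Darwin" ] && [ -n "${1:-}" ]; then
    for right in system.login.console system.login.screensaver; do
        if security authorizationdb read "$right" 2>/dev/null | has_plugin_entry "$1"; then
            echo "$right: '$1' present"
        else
            echo "$right: '$1' MISSING"
        fi
    done
fi
```

Run it before and after the update on the test machine; a right that changes from present to MISSING is the condition the restore script addresses.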