macOS administrator locked out due to RSA MFA Agent for macOS misconfiguration
Originally Published: 2020-06-24
Article Number
Applies To
RSA Product/Service Type: MFA Agent for macOS
RSA Version/Condition: 1.x
Issue
Cause
Workaround
- SSH to the macOS machine using an administrator account and edit the agent settings at /Library/Preferences/com.rsa.mfaconfig.plist. Options include setting disableCASforUnknownUser=true or enableCAS=false.
- SSH to the macOS machine using an administrator account and uninstall the RSA MFA Agent for macOS by running the following command:
sudo /Library/Application Support/RSA MFA Agent/UninstallRSAmacOSAgent.sh
- Sync the administrator (using sAMAccountName or equivalent) from your identity source to the Cloud Authentication Service and have the admin user register a mobile device. This will allow the administrator to meet the additional authentication requirement enforced by the RSA MFA Agent for macOS.
Related Articles
RSA Announces the Release of RSA MFA Agent 2.0 for macOS Number of Views RSA Announces that RSA SecurID Software Token 4.2.1 for Mac is Qualified on Mac OS 10.15 Catalina Number of Views RSA MFA Agent 2.0 for macOS Installation and Administration Guide Number of Views RSA Announces the Release of RSA SecurID Software Token 4.2.1 for Mac OS X Number of Views Deploy the RSA MFA Agent for macOS via Microsoft Intune Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA Authentication Manager Patch Updates How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Artifacts to gather in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
