Professional Documents
Culture Documents
Rsa Mfa Agent Windows 2.3 Release Notes
Rsa Mfa Agent Windows 2.3 Release Notes
This document describes the RSA® MFA Agent 2.3 for Microsoft Windows release. It also includes workarounds for known
issues. Read this document before installing the software. This document contains the following sections:
l Product Overview
l What’s New
l Installing This Product
l Package Contents
l Documentation and Application Help
l Fixed Issues
l Known Issues
l Support and Service
l Upcoming End of Primary Support Details
These Release Notes may be updated. The most current version can be found on RSA Community on the RSA MFA Agent
for Microsoft Windows Documentation page.
Product Overview
RSA MFA Agent for Microsoft Windows works with the RSA Cloud Authentication Service and RSA Authentication Manager
to help secure sign-in to users Windows computers. You can configure the MFA Agent to challenge users either with or
without passwords.
Passwordless Authentication
Users can sign in to their computers without using a password. The MFA Agent uses Active Directory certificates to secure
passwordless authentication. Users need a registered FIDO2 security key and an Active Directory password for the first
authentication. Subsequent authentications require only a registered FIDO2 security key. The MFA Agent creates a
Microsoft Virtual Smart Card and enrolls it with a sign-in certificate to achieve passwordless authentication. Users can also
perform additional authentication when accessing Windows computers and User Account Control.
Note: Passwordless Authentication is applicable for domain users and is only supported when MFA Agent is connected
directly to the Cloud Authentication Service.
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
Password Authentication
Users can sign in to their computers with Windows password and additional authentication. A user enters the
username and password and then can be prompted for additional authentication, for example, by approving a
request in the RSA Authenticator.
RSA MFA Agent for Microsoft Windows is different from the RSA Authentication Agent for Microsoft Windows. For
more information on the differences, see the Installation and Administration Guide.
Terminology
RSA is gradually introducing a new consistent terminology across all products and platforms. The following table
describes this new terminology.
Company ID Organization ID
Account Credential
Software Token l SecurID OTP credential (when already in the context of software
credentials)
2
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
What’s New
This section lists the new features and enhancements introduced in current and past versions of RSA MFA Agent
for Microsoft Windows.
l Supports Windows Password Integration (WPI). Allows organizations to enable their users to sign in
without typing their Windows password.
Note: WPI support will require upgrading Authentication Manager to at least V8.7 SP1.
l RSA MFA Agent 2.2.1 comes with a new and intuitive user interface.
l The 2.1.4 version that was released in July 2022, is tested/qualified to support computers that are both
members of a Workgroup and a Domain.
3
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
l Users can sign in online and offline using SID700 hardware token (managed in Cloud Authentication
Service) by selecting RSA SecurID Token authentication method.
l Easy upgrade from versions 1.2.1, 2.0.1, 2.0.2, 2.0.3, and 2.1.
l Users can sign in to their computers without using a password. This update to the Agent enables
passwordless authentication to Windows 10 laptops and desktops using a FIDO2 security key with a USB
connector for both online and offline authentication. For more information, see this blog.
l Easy upgrade from versions 1.2, 1.2.1, 2.0.1, and 2.0.2.
4
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
You can also install the RSA Authentication Agent 7.4.5 for Microsoft Windows and RSA MFA Agent 2.3 for
Microsoft Windows on the same computer. You can migrate GPO policy settings from RSA Authentication Agent
7.4.0 to 7.4.5 for Microsoft Windows to MFA Agent 2.3 .
For installation and upgrade instructions, see Chapter 3, "Installing RSA MFA Agent" in the Installation and
Administration Guide.
Package Contents
RSA MFA Agent is available on the RSA MFA Agent for Microsoft Windows Downloads page.
l RSA_MFA_Agent_2.3_PolicyTemplates.zip
l RSA_MFA_Agent_2.3.zip
l RSA_MFA_Agent_Reserve_Password_Hash_Generator_2.2.1.zip
File Description
5
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
File Description
6
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
Fixed Issues
RSA MFA Agent 2.3, October 2023
This release includes fixes for the following issues:
AAWIN-6693. Fixed the Specify the Retry Count GPO not honored in disabled state.
AAWIN-6789. Fixed the sending wrong platform information to cloud when agent installed in Windows 11.
AAWIN-6670. Added a one-second delay before the FIDO key touch request.
AAWIN-6669. Fixed the issue of offline authentication failure with FIDO YubiKey.
AAWIN-6607. Fix for the issue when user first inputs wrong SMS OTP and follows with correct one and the
authentication was failing.
AAWIN-6574. Fix for the issue when Approve method was locked at the server end and the Agent receives
Approve request.
AAWIN-6431. Fixed the default agent name if it is not configured in the GPO.
AAWIN-6362. Fixed the encoding bug during encryption/decryption in the passwordless flow.
AAWIN-6322. Updated the count of offline day files in the notification area when user locks/unlocks.
AAWIN-6321. Fixed the deadlock which occurs during download of offline day files using Refresh button on the
system tray.
AAWIN-6188. Fix for the issue when the agent cannot update the user attributes (e.g. email address) after
changing in the AD.
AAWIN-6058. Fix for the issue when multiple offline authentication attempts result in deadlock of service.
AAWIN-6111. When the software OTP was redistributed, offline authentication failed because the cached
offline data was not updated.
AAWIN-6132. MFA Agent offline authentication failed when it was connected to AM and when the OTP PIN had
an upper-case character.
7
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
AAWIN-6138. In some environments, the MFA Agent intermittently performed an offline authentication after a
network state change when the system was actually online.
AAWIN-6109. Added the system local time to the trace logs. UTC time was already used in the logs.
AAWIN-6090. Resolved an issue in which the Windows calendar configuration prevented offline data
downloads.
AAWIN-6066. The Agent was not able to retrieve certain user attributes (alternate usernames) in some multi-
forest environments, which caused authentication to fail. This has been fixed.
AAWIN-6054. In some cases, passwordless authentication provisioning required Azure to be available. This
issue has been resolved.
AAWIN-6048. The Agent was not able to retrieve certain user attributes (such as the SID and alternate
usernames) in some environments, which caused authentication (both online and offline) to fail. This has been
fixed.
AAWIN-5964. Added a Windows Event Viewer entry for users who are not in a challenge group and who did not
require additional authentication.
AAWIN-5323.The RSA MFA Agent no longer excludes the RSA Windows Agent's Credential Provider when the
'Exclude Third-Party Credential Providers' policy is enabled.
AAWIN-6000. Resolved an issue with authenticating an RDP logon for a user in a remote trusted forest.
AAWIN-5678. Resolved offline authentication issues on the German version of Microsoft Windows.
AAWIN-5525. Resolved issues with the RSA Notification icon on Windows 10 systems.
AAWIN-5360. Trace logging partially captured credentials before they were submitted for authentication.
AAWIN-5215. Resolved an issue sending a username in UPN format to RSA Authentication Manager.
AAWIN-5184. The MFA Agent no longer installs the PowerShell script MFAAuthProviderACLSettings.ps1.
AAWIN-4612. In some customer environments, after the laptop on which the MFA Agent was installed woke
from sleep, the MFA Agent authenticated offline.
8
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
Known Issues
This section describes known issues and workarounds.
Problem: When the following steps are performed, input to the keyboard is disabled.
1. Connecting the target PC by RDP, then fill in the credential for NLA.
Workaround: By clicking once with the mouse on any of the links displayed in the logon screen, the keyboard
operation is restored to a valid state.
On slow networks, the offline day files count on the RSA System tray icon is not accurate.
Tracking Number:AAWIN-6333
Problem: On slow networks, it is observed that the MFA agent is not showing the correct offline day files count
when a customer hovers the mouse over the RSA MFA System tray icon.
9
RSA® MFA Agent 2.3 for Microsoft Windows Release Notes Release Notes
© 2006-2023 RSA Security LLC or its affiliates. All Rights Reserved. RSA, and other trademarks are trademarks
of RSA Security LLC or its affiliates ("RSA"). Other trademarks are trademarks of their respective owners.
This software contains the intellectual property of RSA or is licensed to RSA from third parties. Use of this
software and the intellectual property contained therein is expressly limited to the terms and conditions of the
License Agreement under which it is provided by or on behalf of RSA.
This product may be distributed with open source code, licensed to you in accordance with the applicable open
source license. If you would like a copy of any such source code, RSA or its affiliates will provide a digital copy of
the source code that is required to be made available in accordance with the applicable open source license.
Please direct requests in via email to RSA Legal, legalnotices@rsa.com.
10