product icon

How do I sign in to my workstation via RDP using LastPass Workstation MFA?

    As a user, once LastPass Workstation MFA (with RDP access) has been set up, you can connect to your workstation remotely via RDP, then sign in to it by entering your Windows or Mac user account password. You are then prompted to authenticate using the LastPass Authenticator app (or YubiKey via the LastPass Authenticator app) on your mobile device for verification.

    Remember: Authentication methods will vary depending on how your account is set up and/or policies that are enforced by your LastPass Business admin.
    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
    Before you begin: It is required that your LastPass Business admin completes all of the steps to enable RDP access for Workstation MFA for Windows or Mac.
    1. Connect to your workstation remotely via remote desktop – see Windows instructions for RDP or macOS instructions for Remote Desktop for details.
    2. On your workstation, enter your Windows or Mac user account password, then proceed to sign in.

      Result: You are prompted for multifactor authentication.
      Workstation MFA Authentication screen

    3. By default, a push notification is sent to via the LastPass Authenticator app on your mobile device. To choose a different authentication method, select the Having trouble? drop-down menu and choose any of the available options (depending on the policies enforced by your LastPass admin):
      Authentication Method Instructions
      Push notification via LastPass Authenticator app (default) Tap Accept when prompted.
      TOTP (time-based, one-time passcode) LastPass Authenticator app Select Enter passcode, then enter the time-based, one-time passcode (TOTP) provided via the LastPass Authenticator app.
      Phone call via LastPass Select Call me, then answer the phone call made by the LastPass automated system. Press the # key to verify your authentication.
      Remember: The phone number you set in your vault's Account Settings is not the phone number used for the Call Me feature. Learn more about the Call Me feature.
      YubiKey (only via the LastPass Authenticator app) Select YubiKey, then do the following:
      1. Insert your YubiKey device into the USB port of your computer.
      2. Wait until your YubiKey touch-button shines with a steady light and hold your fingertip on the touch-button for one (1) second to authenticate.
      Important: To use YubiKey with Workstation MFA, you must configure YubiKey as a backup authentication method via the LastPass Authenticator app during the enrollment flow.
      Remember: The last authentication method that was used will be served by default the next time you log in to your workstation.
    Results: You have connected to your workstation remotely and signed in using Workstation MFA.
    Related Articles