How do I sign in to my workstation via RDP using LastPass Workstation MFA?

    As a user, once LastPass Workstation MFA (with RDP access) has been set up, you can connect to your workstation remotely via RDP, then sign in to it by entering your Windows or Mac user account password. You are then prompted to authenticate using the LastPass Authenticator app (or YubiKey via the LastPass Authenticator app) on your mobile device for verification.

    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
    Remember: Authentication methods will vary depending on how your account is set up and/or policies that are enforced by your LastPass Business admin.
    Before you begin: It is required that your LastPass Business admin completes all of the steps to enable RDP access for Workstation MFA for Windows or Mac.
    1. Connect to your workstation remotely via remote desktop – see Windows instructions for RDP or macOS instructions for Remote Desktop for details.
    2. On your workstation, enter your Windows or Mac user account password, then proceed to sign in.

      Result: You are prompted for multifactor authentication.Workstation MFA Authentication screen

    3. By default, a push notification is sent to via the LastPass Authenticator app on your mobile device. To choose a different authentication method, select the Having trouble? drop-down menu and choose any of the available options (depending on the policies enforced by your LastPass admin):
      Authentication Method Instructions
      Push notification via LastPass Authenticator app (default) Tap Accept when prompted.
      TOTP (time-based, one-time passcode) LastPass Authenticator app Select Enter passcode, then enter the time-based, one-time passcode (TOTP) provided via the LastPass Authenticator app.
      Phone call via LastPass Select Call me, then answer the phone call made by the LastPass automated system. Press the # key to verify your authentication.
      Remember: The phone number you set in your vault's Account Settings is not the phone number used for the Call Me feature. Learn more about the Call Me feature.
      YubiKey (only via the LastPass Authenticator app) Select YubiKey, then take the applicable action based on your YubiKey device:
      • Insert your YubiKey device into the USB port of your computer, then wait until your YubiKey touch-button shines with a steady light and hold your fingertip on the touch-button for one (1) second to authenticate
      • Tap Plug it in (if applicable), then plug in your YubiKey (using either the USB-C side for Android or the Lightning side for iOS)
      • Hold your YubiKey up to the NFC reader on the back of your mobile device
      Important: Using YubiKey as a standalone authentication method is not supported for Workstation MFA logins; only Yubikey authentication via the LastPass Authenticator app can be used.

      Remember: The last authentication method that was used will be served by default the next time you log in to your workstation.

    Results: You have connected to your workstation remotely and signed in using Workstation MFA.