After enabling RSA SecurID two-factor authentication, users get multiple login prompts and cannot login to OWA, how can I fix this?

Additional login prompts are often the result of incorrect authentication settings. For RSA SecurID two-factor authentication interoperation with a Client Access Server (CAS), the owa virtual directory must have Integrated Windows Authentication enabled and Anonymous Access disabled.

To verify these setting on the CAS,

Launch the IIS Manager (Start/Run/inetmgr).
Navigate to Web Sites\ Default Web Site\owa.
Right-click on owa and select Properties.
Select the Directory Security tab.
Under Authentication and Access control click Edit.
Uncheck the Enable Anonymous Access option.
Check the Integrated Windows Authentication option.
Click Apply and OK to save the changes.
Restart the IIS service (Start/Run/iisreset /noforce).

If further login issues occur, we recommend contacting the RSA support team.