WsiAccount is a legitimate, system-managed local account in Windows that is automatically created by the operating system as part of the Web Sign-in credential provider flow (e.g., Temporary Access Pass or when PIN reset processes are triggered without a fully established primary user profile). It is not a regular user account that any user or administrator manually created.
Why WsiAccount appears (and why it shows up in Rublon MFA)
When a Windows device uses Web Sign-in during login (for example, as part of an onboarding flow with a Temporary Access Pass or a passwordless sign-in experience), Windows temporarily enables the WsiAccount. Because Rublon MFA hooks into the authentication process, it can observe this account and create a corresponding user entry in the Rublon Admin Console.
This happens because:
• Windows uses WsiAccount as a temporary context during Web Sign-in, even if no “actual user” profile has been fully established yet.
• Rublon MFA sees the account during authentication and, seeing no other existing user, creates a new WsiAccount user entry.
Why the WsiAccount looks like a regular user in Rublon MFA
Although WsiAccount is not a typical user:
• It ends up in the Rublon Admin Console because of how Rublon MFA’s auto-provisioning works.
• It is not associated with a real person or valid MFA methods.
• It cannot complete an MFA challenge because Rublon MFA cannot determine which real user the authentication attempt belonged to.
Is it safe to delete the WsiAccount in Rublon MFA?
From a Rublon MFA perspective:
• The presence of WsiAccount in Rublon MFA is not a security threat on its own.
• Rublon MFA cannot challenge this account for MFA, so it will not be able to authenticate as a user.
• Removing it from the Rublon Admin Console is safe and will not affect other users or the environment.
From a Windows system perspective:
Do not delete or disable the WsiAccount local account directly in Windows. This account is used by the Web Sign-in credential provider, and removing it may interfere with system sign-in processes.
Troubleshooting
We are aware that some users see WsiAccount entries appear unexpectedly in the Rublon Admin Console and Rublon Authenticator when using Rublon MFA for Windows Logon and RDP.
At this time, we are actively investigating this behavior. Once we have more concrete information, we will update this article. In the interim, you are free to delete WsiAccount entries from the Rublon Admin Console and Rublon Authenticator.
If you have additional diagnostics, logs, or specific circumstances where this occurs, contact Rublon Support. Your feedback may help narrow down the cause.
Helpful Links
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article