Configure Okta org

Before installing the Okta credential provider for Windows, you must:

  • Define a group for the end users who will authenticate RDP sign ins.
  • Specify MFA factors that include the factor to use for RDP sign in.
  • Add and configure the Microsoft RDP (MFA) app.

  1. Define groups that will be used to authenticate:
    1. Sign in to your Okta tenant as an administrator.
    2. In the Admin Console, go to Directory > Groups.
    3. Click Add Group.
    4. Complete the fields in the Add group dialog and click Save.
    5. Add people to the group. See Users, groups, and profiles.
  2. Specify authentication:
    1. In the Admin Console, go to Security > Multifactor.
    2. Select the Factor Types tab.
    3. Activate a factor by selecting it and clicking Inactive > Activate.
    4. See also MFA.

  3. Add and configure the Microsoft RDP (MFA) app:
    1. Sign in to your Okta tenant as an administrator.
    2. In the Admin Console, go to Applications > Applications.
    3. Click Add Application and enter Microsoft RDP (MFA) in the search box.
    4. On the General tab, assign any desired application label and then add the application.
    5. Select the Assignments tab.
    6. Assign the application to groups or individuals as required.
    7. Save your changes.
    8. Select the Sign On tab.
    9. Click Add Rule and add any required sign on rules.
    10. Click Done when complete.

RDP can fail with the error message Multifactor Authentication Failed if a user attempts to RDP into a server that has the RDP agent installed with a username that does not match a Microsoft RDP (MFA) app username.