AD-Joined server connections
End of sale announcement
Effective May 1, 2026, Okta will no longer sell or renew Advanced Server Access. Existing customers must migrate to Okta Privileged Access within one year of their next scheduled renewal date to maintain service.
Read the FAQ and learn more about Okta Privileged Access.
After a team configures Advanced Server Access to work with an Active Directory (AD) domain, users can create Remote Desktop Protocol (RDP) connections to Windows servers. If a team adds a passwordless certificate for the AD domain, users can connect without needing to enter a password.
If a team doesn't add a certificate, users must manually enter their password to authenticate their RDP connection. Users always need to sign in to their Okta account before connecting to a server.
Requirements
- Domain controllers must have a valid certificate, trusted by member servers, bound to the KDC service. The certificate type bound to the KDC service must be Domain Controller, Domain Controller Authentication, or Kerberos Authentication.
- A gateway able to resolve AD domain DNS and forward RDP connections
- A device running the Advanced Server Access client (v1.59.0 or later)
- A device running a supported RDP client:
  - MacFreeRDP (v2.4.0 only)
  - RoyalTSX
  - Windows Desktop RDP client
Advanced Server Access doesn't currently support connections to discovered servers from other RDP clients.
Tasks
- Connect to servers through the Advanced Server Access dashboard
- Connect to servers through the command line
