AD-Joined server connections

After a team configures Advanced Server Access to work with an Active Directory (AD) domain, users can create Remote Desktop Protocol (RDP) connections to Windows servers. If a team adds a passwordless certificate for the AD domain, users can connect without needing to enter a password.

If a team doesn't add a certificate, users must manually enter their password to authenticate their RDP connection. Users always need to sign in to their Okta account before connecting to a server.

Requirements

• Domain controllers must have a valid certificate bound to the KDC Service that is trusted by member servers. The certificate type bound to the KDC service must be Domain Controller, Domain Controller Authentication, or Kerberos Authentication.
• A gateway able to resolve AD domain DNS and forward RDP connections
• A device running the Advanced Server Access client (v1.59.0 or later)
• A device running a supported RDP client
  • MacFreeRDP (v2.4.0 only)
  • RoyalTSX
  • Windows Desktop RDP client

Tasks

• Connect to servers through the Advanced Server Access dashboard
• Connect to servers through the command line

Related topics

• Configure an Advanced Server Access gateway for AD-Joined
• Install the Advanced Server Access client
• Passwordless certificates