AD-Joined server connections

After a team configures Advanced Server Access to work with an Active Directory (AD) domain, users can create Remote Desktop Protocol (RDP) connections to Windows servers. If a team adds a passwordless certificate for the AD domain, users can connect without needing to enter a password.

If a team doesn't add a certificate, users must manually enter their password to authenticate their RDP connection. Users always need to sign in to their Okta account before connecting to a server.


  • Domain controllers must have a valid certificate bound to the KDC Service that is trusted by member servers. The certificate type bound to the KDC service must be Domain Controller, Domain Controller Authentication, or Kerberos Authentication.
  • A gateway able to resolve AD domain DNS and forward RDP connections
  • A device running the Advanced Server Access client (v1.59.0 or later)
  • A device running a supported RDP client
    • MacFreeRDP (v2.4.0 only)
    • RoyalTSX
    • Windows Desktop RDP client

Advanced Server Access doesn’t currently support connections to discovered servers from other RDP clients.


Related topics