Normally, Advanced Server Access creates and manages local accounts for members of a team. After configuration, users can launch RDP sessions with an existing AD account. See Configure Active Directory account mapping.
Centralized AD connections
Advanced Server Access centrally stores all authentication and routing information related to a specific AD domain on the Connections page. Teams can add multiple connections to support multi-domain environments. See Create an Active Directory connection.
Passwordless authentication
Teams can add signed certificates to allow users to launch RDP sessions without needing to enter their AD password. An AD domain controller can sign the certificates or teams can use self-signed certificates for testing purposes. See Passwordless certificates.
Server discovery
Server sync jobs let teams automatically sync servers: adding new servers, updating details for existing servers, and removing unavailable servers. See Active Directory server discovery.
Unmanaged server connections
Teams can connect to discovered servers without installing the Advanced Server Access server agent. See AD-Joined server connections.
Auditing
Advanced Server Access records event data and allows teams to track when servers are added, removed, or accessed by users.
Integrated PolicySync
AD-Joined integrates support for PolicySync, a separate Advanced Server Access feature. PolicySync adds fine-grained access control for Advanced Server Access projects.
AD-Joined can use PolicySync to locate metadata in AD and import it as server labels, which are then used via selectors. See PolicySync: Attribute-Based Access Control.
Supported usage scenarios
| Scenario | Account type | Server agent required? | Connection type | Sign-in experience |
| --- | --- | --- | --- | --- |
| User connects directly to an Advanced Server Access managed Windows server | Local account | Yes | Direct | Password required |
| User connects through an Advanced Server Access gateway to an Advanced Server Access managed Windows server | Local account | Yes | Gateway | Password required |
| User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users must manually enter their AD password. | AD account | No | Gateway | Okta SSO |
| User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users don't need to enter a password. | | | | |