Features and usage

Features

Feature Description
Delegated authentication for RDP connections Normally, Advanced Server Access creates and manages local accounts for members of a team. After configuration, users can launch RDP sessions with an existing AD account. See Configure Active Directory account mapping.
Centralized AD connections Advanced Server Access centrally stores all authentication and routing information related to a specific AD domain on the Connections page. Teams can add multiple connections to support multi-domain environments. See Create an Active Directory connection.
Passwordless authentication Teams can add signed certificates to allow users to launch RDP sessions without needing to enter their AD password. An AD domain controller can sign the certificates or teams can use self-signed certificates for testing purposes. See Passwordless certificates.
Server discovery Server sync jobs let teams automatically sync (add new servers, update details for existing servers, and remove unavailable servers). See Active Directory server discovery.
Unmanaged server connections

Teams can connect to discovered servers without installing the Advanced Server Access server agent. See AD-Joined server connections.

Auditing Advanced Server Access records event data and allows teams to track when servers are added, removed, or accessed by users.
Integrated PolicySync AD-Joined integrates support for PolicySync, a separate Advanced Server Access feature. PolicySync adds fine-grained access control for Advanced Server Access projects. AD-Joined can use PolicySync to locate and import metadata from AD for use as server labels used via selectors. See PolicySync: Attribute-Based Access Control.

Supported usage scenarios

Scenario Account type Server agent required? Connection type Sign in Experience
User connects directly to an Advanced Server Access managed Windows server Local account Yes Direct Password required
User connects through an Advanced Server Access gateway to an Advanced Server Access managed Windows server Local account Yes Gateway Password required
User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users must manually enter their AD password. AD account No Gateway Okta SSO
User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users don't need to enter a password. AD account No Gateway Okta SSO