Features and usage

Features

| Feature | Description |
| --- | --- |
| Delegated authentication for RDP connections | Normally, Advanced Server Access creates and manages local accounts that are made available when a user starts a Remote Desktop Protocol (RDP) session. After configuration, users can launch RDP sessions with an existing AD account. See Configure Active Directory account mapping. |
| Centralized AD connections | Advanced Server Access centrally stores all authentication and routing information related to a specific AD domain on the Connections page. Teams can add multiple connections to support multi-domain environments. See Create an Active Directory connection. |
| Passwordless authentication | Teams can add signed certificates to allow users to launch RDP sessions without needing to enter their AD password. Passwordless certificates are signed by your Domain Controller or can be self-signed for testing purposes. See Passwordless certificates. |
| Server discovery | Server sync jobs allow teams to automatically sync servers (add new servers, update details for existing servers, and remove unavailable servers). See Server discovery. |
| Unmanaged server connections | Teams can connect to discovered servers without installing the Advanced Server Access server agent. See AD-Joined server connections. |
| Auditing | Advanced Server Access records event data and allows teams to track when servers are added, removed, or connected to by users. |
| Integrated PolicySync | AD-Joined integrates support for PolicySync, a separate Advanced Server Access feature also currently in Early Access, that adds fine-grained access control for Advanced Server Access projects. AD-Joined can use PolicySync to locate and import metadata from AD for use as server labels, which are applied through selectors. See PolicySync: Attribute-Based Access Control. |

Supported usage scenarios

| Scenario | Account type | Server agent required? | Connection type | Sign-in experience |
| --- | --- | --- | --- | --- |
| User connects directly to an Advanced Server Access managed Windows server | Local account | Yes | Direct | Password required |
| User connects through an Advanced Server Access gateway to an Advanced Server Access managed Windows server | Local account | Yes | Gateway | Password required |
| User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users must manually enter their AD password. | AD account | No | Gateway | Okta SSO |
| User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users don't need to enter a password. | AD account | No | Gateway | Okta SSO |