Configure your Okta org for MFA Credential Provider for Windows

Before you install the Okta MFA Credential Provider for Windows, you must complete the following tasks in your Okta org:

  • Define a group for the users allowed to access the Windows Server using RDP.
  • Enable the MFA factors to use for RDP sign-in.
  • Add and configure the Microsoft RDP (MFA) app.

  1. Define groups to use for authentication:
    1. Sign in to your Okta tenant as an administrator.
    2. In the Admin Console, go to Directory > Groups.
    3. Click Add Group.
    4. Complete the fields and then click Save.
    5. Add people to the group. See Users, groups, and profiles.
  2. Enable MFA:
    1. In the Admin Console, go to Security > Multifactor.
    2. Select the Factor Types tab.
    3. Select a factor and then select Activate from the dropdown.
    4. See also MFA.

  3. Add and configure the Microsoft RDP (MFA) app:
    1. In the Admin Console, go to Applications > Applications.
    2. Click Add Application and then enter Microsoft RDP (MFA) in the search box.
    3. Click Add on the Microsoft RDP (MFA) app.
    4. Enter a name for the app and then click Next. RDP may fail if the name of the RDP agent that the user connects to doesn’t match the Microsoft RDP (MFA) App name.
    5. On the General tab, assign any desired application label and then add the application.
    6. Select the Assignments tab.
    7. Assign the application to groups or individuals.
    8. Save your changes.
    9. Select the Sign On tab.
    10. Click Add Rule and add any required sign-on rules.
    11. Click Done when complete.