Configure Okta org

Before installing the Okta credential provider for Windows, you must configure:

  • A group for the end users who will authenticate RDP sign ins.
  • MFA factors that include the factor to use for RDP sign in.
  • The Microsoft RDP (MFA) app.

The following sections detail each of these requirements.

Configure groups

To define groups within your Okta org:

  1. Sign in to your Okta tenant as an administrator.
  2. Navigate to Directory > Groups.
  3. Click Add Group.
  4. Click the name of the newly added group and use the various menu items to add members and manage group membership.
    Info

    User and group management is outside the scope of this document.
    For general information see Users, groups, and profiles

Configure factors

To select factors within your Okta org:

  1. Sign in to your Okta tenant as an administrator.
  2. In the Admin Console, navigate to Security > Multifactor.
  3. Select the Factor Types tab.
  4. Activate factors by selecting a factor and clicking Inactive > Activate.
Note

MFA management is outside the scope of this document. For more information, see MFA.

Configure application

  1. Sign in to your Okta tenant as an administrator.
  2. Select Applications > Applications.
  3. Click Add Application and enter Microsoft RDP (MFA) in the search box.
  4. On the General tab, assign any desired application label and then add the application.
  5. Select the Assignments tab.
  6. Assign the application to groups or individuals as required.
  7. Save your changes.
  8. Select the Sign On tab.
  9. Click Add Rule and add any required sign on rules.
  10. Click Done when complete.
Important Note

Important

RDP can fail with the error message Multifactor Authentication Failed if a user attempts to RDP into a server with the RDP agent installed that does not match an Microsoft RDP (MFA) App username.