Configure your Okta org for MFA Credential Provider for Windows

Before you install the Okta MFA Credential Provider for Windows, you must complete the following tasks in your Okta org:

• Define a group for the users allowed to access the Windows Server using RDP.
• Enable the MFA factors to use for RDP sign-in.
• Add and configure the Microsoft RDP (MFA) app.

1. Define groups to use for authentication:

   1. In the Admin Console, go to DirectoryGroups.

   2. Click Add Group.
   3. Complete the fields and then click Save.
   4. Add people to the group. See User management.
2. Enable MFA:

   1. In the Admin Console, go to SecurityMultifactor.

   2. Select the Factor Types tab.
   3. Select a factor and then select Activate from the dropdown menu. See Multifactor Authentication.
3. Add and configure the Microsoft RDP (MFA) app:
   

   1. In the Admin Console, go to ApplicationsApplications.

   2. Click Browse App Catalog.
   3. Search for and select Microsoft RDP (MFA), and then click Add Integration.
   4. Click Add on the Microsoft RDP (MFA) app.
      
   5. Enter a name for the app and then click Next. RDP may fail if the name of the RDP agent that the user connects to doesn't match the Microsoft RDP (MFA) App name.
   6. On the General tab, assign any desired application label and then add the application.
   7. Select the Assignments tab.
   8. Assign the application to groups or individuals.
   9. Save your changes.
   10. Select the Sign On tab.
   11. Click Add Rule and add any required sign-on rules.
   12. Click Done when complete.