MFA for Windows Credential Provider
The Okta Credential Provider for Windows enables strong authentication using MFA with Remote Desktop Protocol (RDP) clients. Using the Okta Credential Provider for Windows, RDP clients (Windows workstations and servers) are prompted for MFA when accessing supported domain joined Windows machines and servers.
Requirements for installing the Okta Credential Provider for Windows:
- Proxy Configuration: The Okta Credential Provider for Windows does not support a discrete proxy configuration but will obey system level proxy configurations. To understand management of proxies on Windows machines, refer to docs.microsoft.com.
- The Windows machine used for installation must have an active internet connection with port 443 open.
- The installing account must have administrative rights to install the Okta Windows Credential Provider Agent, Visual C++ Redistributable and .NET 4.0+.
- Inline enrollment is not supported.
End users cannot enroll
a factorduring an RDP sign in. End users must have enrolled their MFA factorspreviously. End users without an enrolled factorreceive an authentication failed response from Okta when attempting to sign into a Windows server using RDP.
TLS 1.2 is required. For information on enabling TLS 1.2 in .NET and in Microsoft Internet Explorer browsers, see Okta ends browser support for TLS 1.1.
The Okta Credential Provider for Windows agent can be installed on the following:
- Windows Server 2019 - v1.3.0 and later.
- Windows Server 2016
- Windows Server 2012
- Windows Server 2012 R2
The following MFA
- Custom TOTP Authentication
- Google Authenticator
- On-Prem MFA (RSA)
- Okta Verify
Okta Verify supports Send push automatically and Do not Challenge for the next X hours options. These options are managed locally via browser cookies. If the browser is configured to automatically clear cache and cookies on window close then these settings would need to be set again anytime a new browser window is opened or any time cache and cookies are cleared.
- Security Question
- SMS Authentication
- Symantec VIP
- Voice Call
|Download the agent||
|Configure Okta org||
|Install the agent
|Test and verify||