Assign users/groups to the Microsoft RDP (MFA) app

All users who log in to any machine that has the Credential Provider installed must be assigned to the Microsoft RDP (MFA) app. By default, the App Sign-On policy for this app prompts for MFA at every login.

  1. Sign in to your Okta tenant as an administrator.
  2. Navigate to Applications > Applications.
  3. Locate the Microsoft RDP (MFA) app.
  4. Click the app name.
  5. Select the Sign On tab.
  6. In the Settings section, select Edit.
  7. Select the Application username format to assign to users of this app.
    The default is Okta username.

    Important

    The user name entered here must match the format you selected in the preceding step. For example, if the full UPN for a user is in the format name@yourorg.com and you selected AD SAM account name as the username format above, enter only the name portion of the UPN as the user name. The @yourorg.com portion of the UPN is included in the AD SAM account name.

  8. Click Save.
  9. Select the Assignments tab.
  10. Assign people or groups:
    1. Select Assign > Assign to People.
    2. In the Assign <application name> to People dialog, click Assign for each user to be assigned to the app.
    3. Click Save and Go back or Cancel as required.
    4. Repeat as required to add additional users.
    Okta recommends assigning applications to groups rather than individual users for ease of management.
    1. Click Assign and select Assign to Groups.
    2. Locate the group you want to assign the application to and click Assign.
    3. Complete the fields in the Assign <application name> to Groups dialog box if it appears.

    4. Click Save and go back.

      The Assigned button for the group is disabled to indicate the application is assigned to the group.

    5. Repeat for additional groups.

     

  11. Select the Sign On tab to configure sign-on rules specific to this app.
  12. Scroll to the Sign On Policy section.
  13. By default, the policy assigned to users of this app is set to require multifactor authentication at every sign-on.
    Create a new sign-on rule if you do not want to prompt some or all of your users for MFA.
    Assign users to the new rule and leave the ‘Prompt for factor’ checkbox unchecked.

    Note

    The Okta sign-on policy does not apply to the Microsoft RDP (MFA) app. Only the app sign-on policy defined in this step is evaluated.

  14. Select Save when finished. Your system is completely configured.