Configure Okta org
Before installing the Okta credential provider for Windows, you must :
- Define a group for the end users who will authenticate RDP sign ins.
- Specify MFA authenticators, including the authenticator to use for RDP sign in.
- Add and configure the Microsoft RDP (MFA) app.
- Define groups the will be used to authenticate:
- Sign in to your Okta tenant as an administrator.
- In the Admin Console, go to Directory > Groups.
- Click Add Group.
- Complete the fields in the Add group dialog and click Save.
- Add people to the group. See Users, groups, and profiles.
- Specify authentication:
- In the Admin Console, go to Security > Authenticators.
- From the Add Authenticator dialog, select an authenticator. For example Okta Verify.
- Configure factor specific settings as appropriate.
- Once added, some Authenticators may be further configured from the list of added Authenticators by clicking Actions > Edit.
Note: Okta recommends that at a minimum, Okta Verify be specified.
See also About MFA authenticators.
- Configure enrollment:
- In the Admin console, go to Security > Authenticators.
- Select the Enrollment tab.
- Click Add Multifactor Policy.
- Enter a Policy name and optional Policy description.
- In the Assign to groups field, enter the name of the previously created group.
- In the Effective factors section, for each required authenticator, select Required.
- Click Create Policy.
- In the Add Rule dialog, define an appropriate rule and click Add Rule.
- Add and configure the Microsoft RDP (MFA) app:
- Sign in to your Okta tenant as an administrator.
- In the Admin console, go to Applications > Applications > Add Application, search for Microsoft RDP (MFA), and then click Add.
- Enter a unique application label and click Next.
- Click Done when complete.
RDP can fail with the error message Multifactor Authentication Failed if a user attempts to RDP into a server with the RDP agent installed that does not match an Microsoft RDP (MFA) App username.