Assign users/groups to the Microsoft RDP (MFA) app
You must assign the Microsoft RDP (MFA) app to all users who log in to machines that have the Credential Provider installed. By default, the App Sign-On policy for this app prompts for MFA every login.
- In the Admin Console, go to .
- Locate the Microsoft RDP (MFA) app.
- Click the app name.
- Select the Sign On tab.
- In the Settings section, select Edit.
- Select the Application username format to assign to users of this app. The default is Okta username.
The username that you enter must match the format that you selected in the preceding step. Suppose a user's full UPN is in the format firstname.lastname@example.org. If you're using the AD SAM account name as the Application username format, enter only the name portion of the UPN for the username. The AD SAM account name includes the @yourorg.com portion of the UPN.
- Click Save.
- Select the Assignments tab.
- Assign people or groups to the app. To assign the app to users:
- Select Assign > Assign to People.
- Click Assign beside a user to assign to the app.
- Click Save and Go back.
- Repeat the previous two steps to add other users to the app.
- Click Done.
- Click Assign and select Assign to Groups.
- Click Assign beside each group to which to assign the app.
- Select the Sign On tab to configure sign on rules for this app.
- Scroll to the Sign On Policy section.
- The default setting for User assigned this policy for this app is Require Multifactor every sign on. Create another sign on rule if you don't want to prompt some or all of your users for MFA. Assign users to the new rule and clear the Prompt for factor checkbox. Click Save when finished. Your system configuration is complete.
Okta sign on policy doesn't apply to Microsoft RDP (MFA). Okta only evaluates the app sign on policy defined in this step.