Configure Okta org

Before installing the Okta credential provider for Windows, you must:

  • Define a group for the end users who will authenticate RDP sign-ins.
  • Specify MFA authenticators, including the authenticator to use for RDP sign-in.
  • Add and configure the Microsoft RDP (MFA) app.
  1. Define the groups that will be used to authenticate:
    1. Sign in to your Okta tenant as an administrator.
    2. In the Admin Console, go to Directory > Groups.
    3. Click Add Group.
    4. Complete the fields and then click Save.
    5. Add people to the group. See Users, groups, and profiles.
  2. Specify authentication:
    1. In the Admin Console, go to Security > Authenticators.
    2. Click Add authenticator.
    3. Locate the desired authenticator and click Add.
    4. Configure factor-specific settings and then click Add.
    5. At a minimum, add Okta Verify as an authenticator.
    6. In the Actions menu, choose Edit to configure more settings.
  3. Configure enrollment:
    1. In the Admin Console, go to Security > Authenticators.
    2. Select the Enrollment tab.
    3. Click Add Multifactor Policy.
    4. Enter a Policy name and optional Policy description.
    5. In the Assign to groups field, enter the name of the previously created group.
    6. In the Effective factors section, for each required authenticator, select Required.
    7. Click Create Policy.
    8. In the Add Rule dialog, define an appropriate rule and click Add Rule.
  4. Add and configure the Microsoft RDP (MFA) app:
    1. Sign in to your Okta tenant as an administrator.
    2. In the Admin Console, go to Applications > Applications > Add Application, search for Microsoft RDP (MFA), and then click Add.
    3. Enter a unique application label and click Next.
    4. Click Done when complete.

RDP can fail with the error message Multifactor Authentication Failed if a user attempts to RDP into a server that has the RDP agent installed with a username that does not match a Microsoft RDP (MFA) app username.