The Okta Windows Credential Provider prompts users for MFA when signing in to supported Windows servers with an RDP client. It supports all Okta-supported MFA factors except Windows Hello and U2F tokens.
This article contains the steps to install the Okta credential provider for Windows. The following four items are also required:
To install, begin in Okta and verify or set up policies. Then install the agent on the Windows server, return to Okta to create an app and assign users, and finally test the setup. The installation consists of three major steps and one testing step. Be sure to complete the testing after the installation.
Step 1 – Configure Okta
Before installing the Okta credential provider for Windows, your org must have the following three items configured.
Step 2 – Install the Okta Windows Credential Provider Agent on a Windows server
Org admins can download the Okta Windows Credential Provider Agent at https://<your-org-name>-admin.okta.com/static/rdp/OktaWinLoginAgent-1.1.2.zip, where
Step 3 – Assign users to the Microsoft RDP (MFA) app in Okta
If you have users who do not need to provide MFA to sign in to the server, assign them to the app, but exclude them from the app-based sign-on policy for the Microsoft RDP (MFA) app. The App-SignOn Policy is the only policy that is relevant to the Microsoft RDP App.
Testing – Verify MFA for RDP sessions
This verification process is the end-user sign-in process.