Remote Desktop Gateway - Configuring NPS/Radius to forward requests to Okta Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Adam ScottAdam Scott 

Remote Desktop Gateway - Configuring NPS/Radius to forward requests to Okta

Hi there,

I was wondering if it was possible to forward authentication requests coming through Remote Desktop Gateway to Okta, so users accessing from the internet into remote applications can have MFA enforced?


Drew PadorDrew Pador (Okta, Inc.)
Hello Adam,

You will want to download and install the Okta Radius Server Agent by logging into your Okta Admin and going to the Security tab and select Downloads


Drew Pador
Okta Technical Support Engineer
Scott LiScott Li

Is there any update on this topic? It looks like RD gateway server only supports Microsoft NPS server as Radius server. How to configure Okta Radius agent server as the proxy between RD gateway and NPS?

Rob PragerRob Prager
@Drew - this is not the correct solution. You cannot just install the Okta RADIUS client and done. As Scott Li stated, we are looking for a work around on the NPS issue so that we can have the RDP Gatwaway call the Okta RADIUS client/server and then enforce MFA based on a defined Okta policy for remote access through the gateway.
Rob PragerRob Prager
Currently DuoSecurity provides a Duo AUthentication for RD Gateway client. I would like to see Okta provide this too! If you want to play in the MFA space, you need to compete with Duo, and frankly Okta already has all the parts to assemble this solution for its customers. So please do it!
Jason DeChicioJason DeChicio
I'll second Rob's thoughts. We are a managed service provider that would love to see this capability from Okta instead of having to enlist Duo (yet another vendor) to provide the functionality!
Wes LazaraWes Lazara
OKTA has worked something out with a partner, Liebsoft, to handle this.  While it isn't quite as sophisticated as the DUO plugin, it gets the job done and is affordably priced.
Rob PragerRob Prager
Very aware of the Liebsoft partnership and was turned to them by our sales rep. My issue is this, Okta needs to provide this! Duo is moving in on Okta space and if they have and soon offer SSO, why use Okta? 

Our team was able to successfully forward RADIUS requests from an RD Gateway to Okta RADIUS agent. However, the agent does not even attempt to accept the request (no entries in Okta Radius log). This seems to be due to the AVP being sent by the RD Gateway highlighted below. Since the agent does not handle the request authentication eventually times out. This was tried many different options to alter the attributes being sent to no avail.  A case was opened with Okta and their only suggestion was to engage their professional services. Fail!
User-added image
Hugh KelleyHugh Kelley
Has anybody enabled the EA "Okta Radius App" feature to see if it improves matters?
Evier TaboraEvier Tabora

Hi Everyone,

Does anyone know what attributes should be added to NPS so that NPS proxies username and password to Okta RAdius Agent and not MAC address? 

Hugh KelleyHugh Kelley
Has anyone tried the new Okta RADIUS agent and the "all-in-one" mode?  I wonder if that would allow at least a crude RDP gateway.
When you implement a radius server for RDS Web you hate to check "allow clients to connect without negotiating an authentication method", Okta radius only supports PAP. Until they implement the functionnality this can't be configured.
Jon McNamara AdminJon McNamara Admin
I came here first looking for MFA on RDS and then came accross this NEW feature that Okta have released to support this...