Wayne Kalsey

Using OKTA for Microsoft RD Web Access

Hello,

We have several Microsoft RD Web Access Servers in our company. These Microsoft RD Web Access Servers provide a web-based login page where users have to provide their domain username and password to access published applications. For those who are familiar with Microsoft RD Web Access, is there any information or guidance on setting OKTA up to access these RD Web Access sites? We would like to add our RD Web Access sites to our OKTA environment to take advantage of SSO.

Any guidance on how to do this or best practices for this would be appreciated.

Thank you in advance.
James Garvin (Okta)
Hi Wayne,

I would strongly suggest you work with Professional Services to do this.  You'll need to use Windows Identity Foundation (WIF), modify the config for the C2WTS service so you can enable it, and then you'll need to create a WS-Fed template app in Okta.

I don't know that we have documentation on this process as it is somewhat complicated and somewhat specific to your environment.  
Wayne Kalsey
I appreciate the quick response and will definitely do that.

Let me ask you this: my first thought was to look in the Okta Application Network. Not seeing anything there, my next thought was to use the Application Integration Wizard to create a Secure Web Access process. (I ruled out SAML since it was internal and we do not have SAML experts in house.) I did not think to contact Professional Services.

What is the best practice for deciding on a method to use for setting up an application for Single Sign-On if the application is not in the Okta Application Network?  Should one proceed with the Application Integration Wizard or reach out to OKTA for advice (like in this case)?

Also, if SAML 2.0 is not available, should that raise a concern? Is the Secure Web Access method considered a less secure process? Would attempting to use SWA for RD Web Access be a risky choice?

Thank you.

Wayne Kalsey
Hi James,

Is using Secure Web Authentication another alternative for Microsoft RD Web Access or is that approach not recommended?
Darron Hellmann (Okta)
Hi Wayne

Secure Web Authentication is a viable alternative to the provided solution. Although less secure than WS-FED and SAML, forms-based authentication will still provide a desirable SSO experience. Okta offers many SWA apps where SAML and WS-FED aren't supported.
Wayne Kalsey
Darron, I was able to set RD Web Access up using the SWA method with the Okta plug-in. However, for this to work, the user must click the "refresh" page a few times to trigger the plug-in to populate the credentials. I tested this with Yahoo mail as a secondary test. Yahoo mail worked as expected every single time. Is there something about Microsoft RD Web Access that would require the user to refresh the page a couple of times to get things to work?
Darron Hellmann (Okta)
Hey Wayne

With SWA apps and the different flavors of browsers, browser security settings, add-ons, extensions, etc., this is common behavior and one of the reasons why SAML is so much more desirable. Might I suggest adjusting security settings within the browser to see if you can acquire a better experience?
Kristin Baker
We worked with the Okta Support team to get ours set up properly. We can go to the RDS site and it will log the user in. It just works. However, if the user needs a username/password for any of their programs within RDS, they will have to type in their password for that. Okta doesn't do dual layer auth.
Wayne Kalsey
Thank you for the reply. Were you able to use a SAML 2.0 configuration or did you use the OKTA plug-in method?