
EnriM.42189 (Customer) asked a question.
We're using the OKTA agent on some of our application servers, so we can make use of OKTA MFA for specific users within AD (achievable with Sign On Policy rules).
For different reasons we also need to log in as Local Administrator on some of those servers from time to time. Adding an end user to OKTA named "Administrator" seems logical, but is this possible? (The end user profile needs a valid e-mail address unless you change base attributes.)

Hi Enri,
You can still use local AD accounts to log in on your domain machines; these accounts don't need to be tied to Okta in any way.
Don't hesitate to open a support case with us in order to get a better overview of your use case.

Hi Alin,
How can you achieve that? Every time I RDP and use one of the non-Okta accounts, it fails.
Thank you

Hi Alin,
Thank you for your reply.
Maybe I should have elaborated more on my question.
Our instances are running in virtual environments, some on ESX and some in the "Cloud".
In both cases we have to RDP (no physical connection) to these instances.
Be it an AD Administrator or a local machine Administrator, the OKTA Windows Credential Provider will not allow access unless "Network Connectivity" is lost.
Although a workaround could be to block all communications except to one specified IP (to emulate a loss of internet and allow the Local Administrator user to RDP), this will mean downtime for the services (which we don't want).
So, is there any other way to exclude "Local Machine Administrator" from the OKTA RDP agent?
Thank you again

No follow-up answer from Support on this?