
masiullahk.25820 (Customer) asked a question.
I have done the AD integration, which is working fine with AD, and have installed the Microsoft RDP (MFA Credential Provider for Windows) on my jump server. Login is working fine with AD credentials and asks for Okta MFA. I have done the integration for one user folder, but the domain admin user is in a different folder (OU). When I try taking the AD agent down and accessing the RDP server with the domain admin user, which is not associated (group OUs connected to Okta), since it's in a different group, it's also asking for Okta MFA and I get an error saying multifactor authentication failed. Is there any way to exclude other groups from being asked for Okta MFA?

Hi @masiullahk.25820 (Customer) , Thank you for reaching out to the Okta Community!
Please check https://help.okta.com/en-us/Content/Topics/Security/proc-mfa-win-creds-rdp.htm
"You must assign the Microsoft RDP (MFA) app to all users who log in to machines that have the Credential Provider installed. By default, the App Sign-On policy for this app prompts for MFA every login."
Once the users are assigned, you could implement app-level sign-on policies where you define users or groups that do not have to use MFA. More details here:
https://help.okta.com/en-us/Content/Topics/Security/policies/about-app-signon-policies.htm
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!