The Remote Desktop Protocol (RDP) is one of the most commonly used technologies for remote access to server-based applications or desktops. RDP creates a dedicated network channel that allows data to be sent back and forth between the remote desktop and the computer currently in use. However, ransomware attacks are primarily associated with unprotected RDP. Given the pace of password-based security breaches, relying only on basic usernames and passwords to secure RDP users' accounts is no longer an option. That is why it has become necessary to add additional layers of security to filter out unauthorized users. miniOrange Multi-Factor Authentication (2FA/MFA) for RDP prevents these sorts of password-based breaches and adds an additional layer of security to your Microsoft Windows account.
With Windows RDP MFA enabled, identities are always verified before access is allowed, making it more difficult for unauthorized users to gain access to your Microsoft Windows account. The miniOrange Credential Provider can be installed on Microsoft Windows Client and Server operating systems to enable Multi-Factor Authentication for Remote Desktop Protocol (RDP).
The Windows Remote Desktop Protocol (RDP) MFA solution also handles your user management with a Microsoft Active Directory or an LDAP directory. With this 2FA/MFA solution, users get easy access to the endpoints they need, with increased identity assurance and reduced risk and exposure. You can also enable offline access for secure authentication. With miniOrange's advanced MFA solution, organizations are able to get secure access to all work applications, for all their users, from anywhere, with any device they choose.
The miniOrange 2FA/MFA Credential Provider for Remote Desktop Protocol (RDP) access supports the following Multi-Factor Authentication (MFA) methods:
|miniOrange Authenticator||Soft Token|
|miniOrange Authenticator||miniOrange Push Notification|
|Mobile Token||Google Authenticator|
|SMS||OTP Over SMS|
|SMS||SMS with Link|
|Email||OTP Over Email|
|Email||Email with Link|
|Call Verification||OTP Over Call|
|Hardware Token||Yubikey Hardware Token|
|Hardware Token||Display Hardware Token|
miniOrange Credential Provider for Remote Desktop Protocol (RDP) Access supports both client and server operating systems.
Supported Microsoft Windows Client versions:
Supported Windows Server versions (GUI and core installs):
The miniOrange Two-Factor Authentication (2FA/MFA) Credential Provider for Remote Desktop Protocol also requires .NET Framework 4.5 or later. If the correct .NET version is not present on your system, the miniOrange Credential Provider setup prompts you to install the .NET Framework.
The miniOrange Two-Factor Authentication (2FA/MFA) Credential Provider can also be installed via Group Policy software publishing and Group Policy administrative templates.
miniOrange offers free help through a consultation call with our System Engineers to install or set up the Multi-Factor Authentication (MFA) for Remote Desktop Protocol (RDP) solution in your environment, with a 30-day trial.
For this, just send us an email at email@example.com to book a slot and we'll help you set it up in no time.
In this step, we are going to set up your MFA preferences, such as:
We'll do a simple test to see how the 2FA prompt will show up on your logon screen and to check that everything was configured correctly.
The username you enter must exist, with the same spelling, both in Windows and in the users list of your miniOrange account. Don't include the domain name when adding the username in the command.
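The two prerequisites stated above (.NET Framework 4.5 or later, and a username without a domain part that exists both in Windows and in miniOrange) can be checked on a host before the test. The following is an added example, not miniOrange code; the function name Test-RdpMfaPrereq and the -MiniOrangeUsers parameter (usernames you copy from your miniOrange users list) are assumptions made for illustration.

```powershell
# Added example: pre-install checks for one host. Not part of the miniOrange product.
function Test-RdpMfaPrereq {
    param(
        [Parameter(Mandatory)] [string]   $Username,        # name you will use in the 2FA test
        [Parameter(Mandatory)] [string[]] $MiniOrangeUsers  # assumption: copied from your miniOrange users list
    )
    $problems = @()

    # .NET Framework 4.5 or later. Microsoft documents the Release DWORD under this key;
    # 378389 corresponds to 4.5 and every later 4.x release has a higher value.
    $ndp     = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $ndp -Name Release -ErrorAction SilentlyContinue).Release
    if (-not $release -or $release -lt 378389) {
        $problems += ".NET Framework 4.5 or later not found (Release value: '$release')"
    }

    # The username must be passed without the domain name.
    if ($Username -match '[\\@]') {
        $problems += "Username '$Username' contains a domain part (DOMAIN\user or user@domain)"
    }
    else {
        # Must exist in Windows: resolving the name to a SID covers local and domain accounts.
        try {
            $account = [System.Security.Principal.NTAccount]::new($Username)
            $null = $account.Translate([System.Security.Principal.SecurityIdentifier])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            $problems += "Username '$Username' does not resolve to a Windows account"
        }
    }

    # Must also be present under the same name in miniOrange (case-insensitive comparison).
    if ($MiniOrangeUsers -notcontains $Username) {
        $problems += "Username '$Username' is not in the supplied miniOrange users list"
    }

    # An empty result means the host and account meet the stated prerequisites.
    return $problems
}

# Constructed sample call; 'jdoe' and 'asmith' are placeholder names.
$result = Test-RdpMfaPrereq -Username 'jdoe' -MiniOrangeUsers @('jdoe', 'asmith')
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'Prerequisites met.' }
```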
Group Policy provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO).
It gives network administrators one place where they can configure a variety of Windows settings for every computer on the network.
We use a GPO to simplify installing the credential provider software and to propagate the Windows registry settings of this software in one go to each computer joined to the domain.
Follow these steps to set up the miniOrange Multi-Factor Authentication (2FA/MFA) Credential Provider Group Policy:
miniOrange provides user authentication from various external sources, which can be directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito, etc.), identity providers (like Okta, Shibboleth, Ping, OneLogin, KeyCloak), databases (like MySQL, MariaDB, PostgreSQL) and many more. You can configure your existing directory/user store or add users in miniOrange.
1. Create User in miniOrange
2. Bulk Upload Users in miniOrange via Uploading CSV File.
Here is the list of attributes and what each one does when enabled. You can enable or disable them as needed.
|Activate LDAP||All user authentications will be done with LDAP credentials if you Activate it|
|Sync users in miniOrange||Users will be created in miniOrange after authentication with LDAP|
|Fallback Authentication||If LDAP credentials fail then user will be authenticated through miniOrange|
|Allow users to change password||This allows your users to change their password. It updates the new credentials in your LDAP server|
|Enable administrator login||On enabling this, your miniOrange Administrator login authenticates using your LDAP server|
|Show IdP to users||If you enable this option, this IdP will be visible to users|
|Send Configured Attributes||If you enable this option, then only the attributes configured below will be sent in attributes at the time of login|
Refer to our guide to set up LDAPS on Windows Server.
miniOrange integrates with various external user sources such as directories, identity providers, etc.
The user initiates the login to Remote Desktop Service either through a Remote Desktop Client or via the RD Web login page from a browser. The miniOrange RD Web component installed on the target machine then sends a RADIUS request to the miniOrange RADIUS server, which authenticates the user via local AD. After successful authentication, two-factor authentication of the user is invoked. Once the user has completed this validation, access to the Remote Desktop Service (RDP) is granted.