Multi-Factor Authentication (2FA/MFA) for Remote Desktop Services (RDS)

Last updated on November 13, 2024

Overview of MFA for Remote Desktop Services (RDS)

Multi-Factor Authentication (MFA) for Remote Desktop Services (RDS) is an additional security measure that requires users to provide two separate authentication factors in order to gain access to RDS. The first factor requires users to enter their Active Directory/RADIUS username and password. Once the user has completed the first factor, they will be required to pass the second authentication step using one of the available methods such as Mobile Push or Email Link. After passing the two factors, the user is then granted access to the Remote Desktop Service, such as RD Gateway, RD Web Access, and RD Web Client. Enabling 2FA or MFA for RDS helps to protect against unauthorized access to resources even if a malicious actor knows the user’s login credentials.

Rublon introduces Multi-Factor Authentication (MFA) in a number of ways.

Rublon integrates with:

Microsoft RD Gateway
Microsoft RD Web Access (including RD Web Feed)
Microsoft RD Web Client

This is the documentation for Remote Desktop Services. Rublon also supports MFA for Windows Logon & RDP.

Before you start

Ensure that you have properly set up and configured your RD Gateway, RD Web Access, and/or RD Web Client.

Configuration of MFA for Remote Desktop Services (RDS)

Depending on your requirements, you can use either Rublon for RD Gateway or Rublon for RD Web Access. You can also configure your RD Web Access to use a specific RD Gateway for RDP connections.

Rublon MFA for RD Gateway

Introduce Two-Factor Authentication (2FA) to your Microsoft Remote Desktop Gateway logons. Integrate Remote Desktop Gateway with Rublon to add a second step to your login process. Provide your credentials as always and get a Mobile Push on your phone as an additional layer of security. If Mobile Push is not possible, e.g. the user has not installed the Rublon Authenticator mobile app, Email Link is used instead.

Read the documentation for Rublon 2FA for Remote Desktop Gateway.

Rublon MFA for RD Web Access

Introduce Two-Factor Authentication (2FA) to your browser RD Web logons. Integrate Remote Desktop Web Access with Rublon to add a second step to your login process. First you provide your credentials as always. Then, you select one of the available authentication methods from the Rublon Prompt. Rublon Two-Factor Authentication will greatly enhance the security of your RD Web Access logons.

Read the documentation for Rublon 2FA for Remote Desktop Web Access.

Rublon MFA for RD Web Client

Introduce Two-Factor Authentication (2FA) to your RD Web Client logons. Integrate the Remote Desktop Web Client with Rublon to add a second step to your login process. First, you provide your credentials as always. Then, you receive a Mobile Push authentication request on your phone. If a Mobile Push is not possible, an Email Link is sent to your email address. Rublon Two-Factor Authentication will greatly enhance the security of your RD Web Client logins.

Read the documentation for Rublon 2FA for Remote Desktop Web Client.

Configure RD Gateway for RD Web Access Remote Connections

Connect to RD Web Access with Internet Explorer to enable a feature, which allows you to connect to any Remote Desktop of your choice. You can define the remote desktop under Connection options in the RemoteApp and Desktops tab in Web Access. Provide the address of your RD Gateway to use it in an RDP connection started from Web Access. Refer to the following steps:

1. Log in to RD Web Access as administrator.

2. Open the Internet Information Services (IIS) Manager and go to Your Server → Sites → Default Web Site → RDWeb → Pages.

3. Double-click Application Settings and then double-click DefaultTSGateway.

4. Provide the domain of your RD Gateway. You have to provide a fully qualified domain name (FQDN) of your RD Gateway server.

5. Click OK to save the changes.

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.