How to apply MFA to Remote Desktop Gateway sessions

The Remote Desktop Gateway server typically is located in a corporate or private network. It acts as the gateway into which RDP connections from an external network connects through to access target workstations located on the corporate or private network.

Pre-requisites

• Desktop agent must be installed on all target machines in RDP sessions

NOTE:
UserLock identifies the gateway address for these sessions and this address is considered as “inside” the corporate or private network. To protect these sessions at the level of the protected account, you must therefore configure either:

• MFA for all,
• RDP, or
• RDP from outside (Please refer to the procedure below).

How to consider the Remote Desktop Gateway IP address as outside

At the UserLock Server while using the console, press F7 to view the Advanced settings. Locate the value “IPConsideredOutside”. Ensure that the value of the RDS Gateway is entered.

NOTE:
By default all IP addresses outside of the following ranges will be considered as outside connections:

• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255
• fc00::/7
• fe80::/10

• Multi-Factor Authentication
  • Implementing Multi-Factor Authentication
  • UserLock Push App
  • How to apply MFA for VPN
  • How to configure and install VPN Connect for MFA
  • How to apply MFA for IIS Apps such as OWA, RDWeb and Sharepoint
  • How to enable MFA for SSO
  • How to apply MFA to Remote Desktop Gateway sessions
  • How to enroll remote users
  • Onboarding for End Users - Push Notifications with UserLock Push
  • Onboarding for End Users – with an Authenticator Application
  • Onboarding for End Users – with a Token2 programmable token
  • Onboarding for End Users – with HOTP Token2
  • Onboarding for End Users – with YubiKey
  • Onboarding for End Users - Recovery codes