Remote Desktop Web Access is a web page that shows a list of applications published from a server. From the web page, you can click on the icon for an application to launch that application.
The AuthPoint agent for RD Web adds the protection of multi-factor authentication to RD Web Access. When you configure the agent for RD Web, users must authenticate with AuthPoint MFA to access the RD Web page.
RD Web Server Requirements
To install the AuthPoint agent for RD Web, the RD Web server must meet these requirements:
- Microsoft .NET Framework — Version 4.7.2 or higher installed
- Operating System — Windows Server 2012, Windows Server 2016, or Windows Server 2019
Configure MFA for RD Web
To configure MFA for RD Web, you set up two parts:
- The resource you configure in AuthPoint
- The agent you install on your network
Configure an RD Web Resource
To configure an RD Web resource in the AuthPoint management UI:
- Go to cloud.watchguard.com and log in to WatchGuard Cloud. If you have a Service Provider account, you must pivot to the Subscriber view.
- From the navigation menu, select Configure > AuthPoint.
- Select Resources.
- From the Choose a resource type drop-down list, select RD Web. Click Add.
- On the RD Web page, in the Name text box, type a name for this resource.
- Type your FQDN. For example, example.com or example.net.
- From the AuthPoint Certificate drop-down list, select the AuthPoint identity provider certificate to use for SAML authentication. This is used for the SAML applications that support RD Web. For more information, see Certificate Management.
- Click Save to save your resource.
- Add access policies for the RD Web resource. For detailed steps, see Access Policies.
Download and Install the Agent
After you configure the RD Web resource, you must download and install the AuthPoint agent for RD Web.
- Select Downloads.
- In the RD Web section, click Download Installer.
- To download the configuration file for the RD Web agent, click Download Config.
- Move the downloaded configuration file to the same directory as the installer (.msi file) for the RD Web agent.
- Run the installer (.msi file) to install the AuthPoint agent for RD Web. You must run the installer as a local administrator.
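A preflight check for the server requirements and install steps above, as an added example that is not WatchGuard's own script. The `-InstallerPath` and `-ConfigPath` parameters are hypothetical names for the two files you downloaded, the .NET release value 461808 is Microsoft's documented minimum for 4.7.2, and the Authenticode check is an extra verification that this page does not require.

```powershell
# Added example: preflight check for the RD Web server before you run the agent installer.
# -InstallerPath and -ConfigPath are hypothetical parameters; pass the files you downloaded.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,
    [Parameter(Mandatory)] [string] $ConfigPath
)

$results = [ordered]@{}

# Requirement: .NET Framework 4.7.2 or higher.
# Microsoft documents a Release value of 461808 or greater for 4.7.2.
$ndp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$results['.NET Framework 4.7.2+'] = ($null -ne $ndp) -and ($ndp.Release -ge 461808)

# Requirement: Windows Server 2012, 2016, or 2019.
# Note: this pattern also matches "2012 R2", which the requirements list does not name separately.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results['Supported operating system'] = $os.Caption -match 'Windows Server (2012|2016|2019)'

# Requirement: the installer must run as a local administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$results['Running as administrator'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Requirement: the configuration file sits in the same directory as the .msi installer.
$msi = Get-Item -LiteralPath $InstallerPath -ErrorAction SilentlyContinue
$cfg = Get-Item -LiteralPath $ConfigPath -ErrorAction SilentlyContinue
$results['Installer is an .msi file'] = ($null -ne $msi) -and ($msi.Extension -eq '.msi')
$results['Config file beside installer'] = ($null -ne $msi) -and ($null -ne $cfg) -and
    ($msi.DirectoryName -eq $cfg.DirectoryName)

# Extra check (not from the page): the downloaded installer carries a valid Authenticode signature.
$sig = if ($msi) { Get-AuthenticodeSignature -LiteralPath $msi.FullName }
$results['Installer signature valid'] = ($null -ne $sig) -and ($sig.Status -eq 'Valid')

# Report each check and fail the script if any requirement is not met.
$results.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if (@($results.Values) -contains $false) { exit 1 }
```

Run it from an elevated PowerShell prompt on the RD Web server; a non-zero exit code means at least one check failed.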
Authentication for RD Web
After you configure the AuthPoint agent for RD Web, when a user types their user name and password on the RD Web page, the agent directs the request to AuthPoint. The single sign-on page opens and the user must authenticate. After the user authenticates, the RD Web page opens and the user can access the applications available to them.
RD Web Access is only used to launch the remote applications. After the application opens, you can close RD Web Access.
To authenticate for RD Web Access:
- In a web browser, go to the URL of the RD Web Access site.
  The default URL is https://<server name>/rdweb, where <server name> is the fully qualified domain name of the web server where you installed RD Web Access.
- Type your user name and password. Click Sign in.
  The AuthPoint authentication page opens.
- Select an authentication method and authenticate.
  - Push — The user approves the push notification that is sent to their device.
  - QR Code — Use the AuthPoint mobile app to scan the QR code, then type the verification code shown in the app.
  - One-Time Password — Type the one-time password for your token.
After the user authenticates, the RD Web Access page opens and shows all the applications available to them. When the user selects an application, the behavior is different based on the web browser:
- Internet Explorer — When the user selects an application, it opens directly in the browser.
- Other browsers — When the user selects an application, an .rdp file downloads. The user must run the .rdp file and type their login credentials to access the application.
The connection through an .rdp file is not protected by MFA. To require MFA for direct access to these applications, we recommend that you install the Logon app on servers that host the applications.
If the user uses an .rdp file to connect to an application on a server protected by the Logon app, after they run the .rdp file and type their credentials, they must select Show Details to show the authentication page, and then authenticate.