About the AuthPoint Agent for RD Web

Remote Desktop Web Access is a web page that shows a list of applications published from a server. From the web page, you can click on the icon for an application to launch that application.

The AuthPoint agent for RD Web adds the protection of multi-factor authentication to RD Web Access. When you configure the agent for RD Web, users must authenticate with AuthPoint MFA to access the RD Web page.

RD Web Server Requirements

To install the AuthPoint agent for RD Web, the RD Web server must meet these requirements:

  • Microsoft .NET Framework — Version 4.7.2 or higher installed
  • Operating System — Windows Server 2012, Windows Server 2016, or Windows Server 2019

Configure MFA for RD Web

Configuring MFA for RD Web has two parts:

  • The resource you configure in AuthPoint
  • The agent you install on the RD Web server

Configure an RD Web Resource

To configure an RD Web resource in the AuthPoint management UI:

  1. Go to cloud.watchguard.com and log in to WatchGuard Cloud.
  2. From the navigation menu, select Configure > AuthPoint. If you have a Service Provider account, you must select an account from Account Manager.
  3. Select Resources.
  4. From the Choose a resource type drop-down list, select RD Web. Click Add.
  5. On the RD Web page, in the Name text box, type a name for this resource.
  6. Type your FQDN. For example, example.com or example.net. If you have configured RD Web to use a port other than port 443, you must append the port number to your FQDN. For example, if you have configured RD Web to use port 8443, you would type example.com:8443.

    If you update the FQDN value, you must download the updated configuration file and reinstall the agent for RD Web.

  7. From the AuthPoint Certificate drop-down list, select the AuthPoint identity provider certificate to use for SAML authentication. This is used for the SAML applications that support RD Web. For more information, see Certificate Management.

    When you change the certificate that is associated with an RD Web resource, you must download the updated configuration file and install the agent for RD Web again.

  8. Click Save to save your resource.
  9. Add access policies for the RD Web resource. For detailed steps, see Access Policies.

Download and Install the Agent

After you configure the RD Web resource, you must download and install the AuthPoint agent for RD Web on the RD Web server.

  1. Select Downloads.
  2. In the RD Web section, click Download Installer.
  3. To download the configuration file for the RD Web agent, click Download Config.
  4. Move the downloaded configuration file to the same directory as the installer (.msi file) for the RD Web agent.
  5. To install the AuthPoint agent for RD Web, run the installer (.msi file) on the RD Web server. You must run the installer as a local administrator.

    If the wizard shows a Files in use message that prompts you to close the IIS Worker Process, click Ignore and continue the installation process.
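
The following pre-install check is an added example, not a WatchGuard tool. It verifies the server requirements and installer prerequisites listed on this page before you run the .msi file. The parameter names are hypothetical, and the .NET check assumes Microsoft's documented registry Release value of 461808 for .NET Framework 4.7.2.

```powershell
# Pre-install check for the RD Web agent prerequisites listed on this page.
# Added example, not a WatchGuard tool. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $InstallerPath,  # path to the downloaded .msi file
    [Parameter(Mandatory)] [string] $ConfigPath      # path to the downloaded configuration file
)

$results = [ordered]@{}

# .NET Framework 4.7.2 or higher: Microsoft documents Release >= 461808 for 4.7.2.
$ndp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$results['.NET Framework 4.7.2 or higher'] = ($null -ne $ndp) -and ($ndp.Release -ge 461808)

# Operating system: Windows Server 2012, 2016, or 2019.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results['Supported Windows Server version'] = $os.Caption -match 'Windows Server (2012|2016|2019)'

# The installer must be run as a local administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$results['Running as administrator'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# The installer and the configuration file must both exist...
$msiOk = (Test-Path -LiteralPath $InstallerPath -PathType Leaf) -and
         ([IO.Path]::GetExtension($InstallerPath) -ieq '.msi')
$cfgOk = Test-Path -LiteralPath $ConfigPath -PathType Leaf
$results['Installer (.msi) found']   = $msiOk
$results['Configuration file found'] = $cfgOk

# ...and the configuration file must be in the same directory as the installer.
$sameDir = $false
if ($msiOk -and $cfgOk) {
    $msiDir  = Split-Path -Parent (Resolve-Path -LiteralPath $InstallerPath).ProviderPath
    $cfgDir  = Split-Path -Parent (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
    $sameDir = $msiDir -ieq $cfgDir
}
$results['Config file in same directory as installer'] = $sameDir

# Report each check; the exit code is the number of failed checks.
$failed = 0
foreach ($check in $results.GetEnumerator()) {
    if ($check.Value) {
        Write-Output "PASS  $($check.Key)"
    } else {
        Write-Output "FAIL  $($check.Key)"
        $failed++
    }
}
exit $failed
```

Run the script from an elevated PowerShell session on the RD Web server. An exit code of 0 means every listed prerequisite is met.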

Update the RD Web Agent

The AuthPoint agent for RD Web does not automatically upgrade to the latest version. To upgrade the agent for RD Web, you must download and install the updated version of the agent. The most current version of the agent is available on the Downloads page.

You do not have to uninstall the AuthPoint agent for RD Web or download a new configuration file when you install an updated version.

To update the agent for RD Web:

  1. In the AuthPoint management UI, select Downloads.
  2. In the RD Web section, click Download Installer. You do not have to download the configuration file.

  3. To install the AuthPoint agent for RD Web, run the installer (.msi file) on the RD Web server. You must run the installer as a local administrator.

    If the wizard shows a Files in use message that prompts you to close the IIS Worker Process, click Ignore and continue the installation process.

Authentication for RD Web

After you configure the AuthPoint agent for RD Web, when a user types their user name and password on the RD Web page, the agent directs the request to AuthPoint. The single sign-on page opens and the user must authenticate. After the user authenticates, the RD Web page opens and the user can access the applications available to them.

RD Web Access is only used to launch the remote applications. After the application opens, you can close RD Web Access.

To authenticate for RD Web Access:

  1. In a web browser, go to the URL of the RD Web Access site.

    The default URL is https://<server name>/rdweb, where <server name> is the fully qualified domain name of the web server where you installed RD Web Access.

  2. Type your user name and password, then click Sign in.
    The AuthPoint authentication page opens.
  3. Select an authentication method and authenticate.
    • Push — Approve the push notification that is sent to your device.
    • QR Code — Use the AuthPoint mobile app to scan the QR code, then type the verification code shown in the app.
    • One-Time Password — Type the one-time password for your token.

After the user authenticates, the RD Web Access page opens and shows all the applications available to them. When the user selects an application, the behavior is different based on the web browser:

  • Internet Explorer — When the user selects an application, it opens directly in the browser.
  • Other browsers — When the user selects an application, an .rdp file downloads. The user must run the .rdp file and type their login credentials to access the application.

    The connection through an .rdp file is not protected by MFA. To require MFA for direct access to these applications, we recommend that you install the Logon app on servers that host the applications.

If the user uses an .rdp file to connect to an application on a server protected by the Logon app, after they run the .rdp file and type their credentials, they must select Show Details to show the authentication page, and then authenticate.

See Also

Certificate Management

Access Policies

About Authentication