Configuring remote desktop access
When you onboard a cloud account, PingOne Privilege automatically discovers all remote desktop protocol (RDP) instances, which are then listed as targets under Access Management > Targets.
To enable passwordless access to these targets, you must first configure an access method. The configuration depends on whether the target machine is joined to an Active Directory (AD) domain.
Configuring access for non-domain-joined machines
For standalone Windows servers, use the Local User mode to store and manage a local administrator account:
- In the PingOne Privilege admin console, go to Settings > AD Domain Controllers.
- Click Create New.
- Enter a Name for this configuration (for example, Standalone Web Servers).
- Enable Local User Mode.
- In the Username and Password fields, enter the credentials for a local administrator account on the target machine. These credentials will be stored securely in the PingOne Privilege vault.
- (Optional) Enable the Rotate Passwords feature to have PingOne Privilege periodically change this password on the target machine.
- Configure the auto-approval schedule, specifying the times during which user access requests can be approved automatically.
- Click Save.
Configuring access for domain-joined machines
For Windows servers joined to an Active Directory domain, you create a configuration that stores domain credentials:
- In the PingOne Privilege admin console, go to Settings > AD Domain Controllers.
- Click Create New.
- Enter a Name for this configuration (for example, Corporate AD Domain).
- Disable Local User Mode.
- Enter the credentials for a privileged Domain Admin account. This account is used to manage other user passwords within the domain.
- For each standard domain user account you want to manage, click Add User and enter their Username and Password.
- Select the Cloud Type (AWS, GCP, or Azure). This domain controller configuration becomes the default for RDP targets in that cloud provider.
- (Optional) Enable the Rotate Passwords feature.
- Configure the auto-approval schedule.
- Click Save.
Binding an RDP instance to a domain controller configuration
After creating a configuration, bind each RDP target to it:
- In the PingOne Privilege admin console, go to Access Management > Targets.
- Find the target RDP instance and click More Info.
- In the AD Domain Controller list, select the appropriate configuration you created earlier.
- Enable Managed for the RDP instance.
- Click Update.