PingOne Privilege

Configuring remote desktop access

When you onboard a cloud account, PingOne Privilege automatically discovers all Remote Desktop Protocol (RDP) instances, which are then listed as targets. To enable passwordless access to these targets, you must configure an access method based on whether the target machine is joined to an Active Directory (AD) domain.

First, you will create a Domain Controller configuration, which acts as a template for RDP connections. Then, you will bind individual RDP targets to this configuration.

Step 1: Create a Domain Controller Configuration

Choose one of the following methods depending on your target environment.
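The choice between Method A and Method B depends on whether the target is domain-joined. The following PowerShell pre-check is an added example, not part of the PingOne Privilege documentation. It is run locally on the Windows target and reports which method applies. For a standalone machine it also reports whether the account you plan to store exists, is enabled, and is a local administrator. The account name `pp-rdp-admin` is a hypothetical placeholder.

```powershell
# Added example: run in an elevated PowerShell 5.1+ session on the RDP target.
# $AccountName is a hypothetical placeholder for the local account you intend
# to store in the Local User Mode configuration (Method A).
param(
    [string]$AccountName = 'pp-rdp-admin'
)

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

if ($cs.PartOfDomain) {
    # Domain-joined target: use Method B (Local User Mode disabled).
    [pscustomobject]@{
        Computer        = $cs.Name
        DomainJoined    = $true
        Domain          = $cs.Domain
        SuggestedMethod = 'Method B: domain-joined'
    }
    return
}

# Standalone target: use Method A and validate the local account first.
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue

# S-1-5-32-544 is the well-known SID of the built-in Administrators group;
# using the SID avoids problems with localized group names.
$adminSids = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.SID.Value }

[pscustomobject]@{
    Computer             = $cs.Name
    DomainJoined         = $false
    SuggestedMethod      = 'Method A: Local User Mode'
    AccountExists        = [bool]$user
    AccountEnabled       = [bool]($user -and $user.Enabled)
    IsLocalAdministrator = [bool]($user -and ($adminSids -contains $user.SID.Value))
}
```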

Method A: For Non-Domain-Joined Machines

For standalone Windows servers, use the Local User mode to store and manage a local administrator account.

  1. In the PingOne Privilege admin console, go to Settings > AD Domain Controllers.

  2. Click Create New.

  3. Enter a Name for this configuration, such as Standalone Web Servers.

  4. Enable the Local User Mode toggle.

  5. In the Username and Password fields, enter the credentials for a local administrator account on the target machine. These credentials will be stored securely in the PingOne Privilege vault.

  6. (Optional) Enable Rotate Passwords to have PingOne Privilege periodically change this password on the target machine.

  7. Configure the auto-approval schedule, specifying when user access requests can be approved automatically.

  8. Click Save.

    [Screenshot: The RDP window.]

Method B: For Domain-Joined Machines

For Windows servers joined to an Active Directory domain, create a configuration that stores domain credentials.

  1. In the PingOne Privilege admin console, go to Settings > AD Domain Controllers.

  2. Click Create New.

  3. Enter a Name for this configuration, such as Corporate AD Domain.

  4. Ensure the Local User Mode toggle is disabled.

  5. Enter the credentials for a privileged Domain Admin account.

    This service account is used by PingOne Privilege to manage other users' passwords within the domain.

  6. For each standard domain user account you want to manage, click Add User and enter their Username and Password.

  7. Select the Cloud Type (AWS, GCP, or Azure). This makes the domain controller configuration the default for RDP targets in that cloud provider.

  8. (Optional) Enable the Rotate Passwords feature.

  9. Configure the auto-approval schedule.

  10. Click Save.

    [Screenshot: The Create AD domain controller window.]

Step 2: Bind the RDP Instance to the Configuration

After creating a configuration, you must bind each RDP target to it.

  1. In the PingOne Privilege admin console, go to Access Management > Targets.

  2. Find the target RDP instance and click More Info.

  3. From the AD Domain Controller list, select the configuration you created in the previous step.

  4. Enable the Managed toggle for the RDP instance.

  5. Click Update.

    [Screenshot: DemoRDP window with Managed toggle and AD domain controlled field highlighted.]