What limitations do the native clients have? (SSH/RDP)
• RDP native clients work with (AD/LDAP/local) accounts, but not with OpenIDC accounts.
• MFA works with both RDP native clients with AD/LDAP accounts, but not with local accounts. MFA (if configured) is required every time on every connection to the PrivX GUI.
• Target accounts with type Directory are not accessible via RDP native clients.
See Connection method vs feature matrix for more info.

What limitations are there when using the agent? (connections do NOT pass through PrivX)
As per previous native-client limitations and in addition to the following:
• Session recording is not possible with Agent connections.
• Agent-based connection do not show at all in connection list.
• Audit events for agent-based authentication show certificate-request/role-granted/cert-issued, however there is no data on the target host or user.

Did this page help you?