RDP Connections with Native Clients

This section describes how to establish RDP connections with native clients.

Users can connect to target hosts/accounts using the RDP clients installed on their workstations, without needing to use the PrivX GUI. Connections are authenticated against PrivX.

PrivX provides the following connection modes:

  • Interactive: Access PrivX RDP Bastion to list and select possible targets.

  • Direct: Specify your connection target directly to the native client.

PrivX RDP Bastion connections are verified against the PrivX RDP Bastion host certificate. You may verify the certificate from the Connections→Native Clients page.

Prerequisites

Connecting Interactively

To connect to targets with native clients interactively:

  1. Use your native client to connect to a PrivX server.

  2. Provide your PrivX credentials when prompted.

  3. You are shown the targets where you are allowed access. Select a target to connect to it.

Connecting Directly

To directly connect to a target you know, provide the native client with the following parameters:

  • Host: Address of a PrivX server.

  • User: Credentials and target identification in the following format:

    <target_username>%<extender_name>%<target_hostname>%<privx_username>

    Where the <extender_name> is only required for target hosts behind Extenders.

% characters in user names must be escaped with %%. For example, %example%user% becomes %%example%%user%%.

Values may be separated using either % or |. The separator character can be escaped by doubling it (%% or ||).

  • Password: Your PrivX-user password.

    Direct-connection example with Windows Remote Desktop Client
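The following added example (not part of the PrivX documentation) builds the User value for a direct connection and applies the doubling rule described above, using % as the separator. It assumes that the extender field is left out entirely when the target is not behind an Extender, that both separator characters are doubled inside values, and that the string is read left to right; `build_user`, `split_user`, and all host and user names are constructed for illustration.

```python
SEPARATORS = "%|"  # the two separator characters named on this page


def escape_field(value):
    """Double every separator character that occurs inside one field value."""
    if not value:
        raise ValueError("empty field: a doubled separator would read as an escape")
    return "".join(ch * 2 if ch in SEPARATORS else ch for ch in value)


def split_user(user):
    """Split a User value left to right (assumed reading, not PrivX's own parser):
    a doubled separator is a literal character, a single one ends the field."""
    fields, current, i = [], [], 0
    while i < len(user):
        ch = user[i]
        if ch in SEPARATORS and user[i + 1:i + 2] == ch:
            current.append(ch)          # escaped separator -> literal character
            i += 2
            continue
        if ch in SEPARATORS:
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    return fields


def build_user(target_username, target_hostname, privx_username, extender_name=None):
    """Return <target_username>%[<extender_name>%]<target_hostname>%<privx_username>."""
    fields = [target_username]
    if extender_name is not None:       # assumption: field omitted without an Extender
        fields.append(extender_name)
    fields += [target_hostname, privx_username]
    user = "%".join(escape_field(f) for f in fields)
    # A value that starts with % directly after a separator yields "%%%", which
    # reads back as a different split; refuse it rather than send it.
    if split_user(user) != fields:
        raise ValueError("field values cannot be encoded unambiguously: %r" % fields)
    return user


if __name__ == "__main__":
    # Constructed sample values.
    print(build_user("Administrator", "win01.example.com", "alice"))
    print(build_user("Administrator", "win01.example.com", "alice", "extender1"))
    print(build_user("%example%user%", "win01.example.com", "alice"))
```

The round-trip check inside `build_user` catches values whose escaped form could be split in more than one way before they reach the client's user field.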

When MFA is enabled, users must connect using the interactive method.

RDP certificate authentication is only supported through the PrivX GUI.

RDP with native clients via PrivX does not support file transfers via drive redirection when session recording is enabled. In such scenarios users may copy-paste to transfer files.

Connecting as OIDC User

OIDC authentication isn't supported by native-RDP clients due to RDP-protocol limitations. However, OIDC users can use session-password authentication instead. For instructions about enabling and using session passwords, see Session Password Authentication.
