RDP Connections with Native Clients
This section describes how to establish RDP connections with native clients.
Users can connect to target hosts/accounts using the RDP clients installed on their workstations, without needing to use the PrivX GUI. Connections are authenticated against PrivX.
PrivX provides the following connection modes:
Interactive: Access PrivX RDP Bastion to list and select possible targets.
Direct: Specify your connection target directly to the native client.
PrivX RDP Bastion connections are verified against the PrivX RDP Bastion host certificate. You may verify the certificate from the Connections→Native Clients page.
Prerequisites
- Your PrivX license must have the RDP Bastion feature enabled; see Licensable Features.
Connecting Interactively
To connect to targets with native clients interactively:
Use your native client to connect to a PrivX server.
Provide your PrivX credentials when prompted.
You are shown the targets where you are allowed access. Select a target to connect to it.
Connecting Directly
To directly connect to a target you know, provide the native client with the following parameters:
Host: Address of a PrivX server.
User: Credentials and target identification in the following format:
<target_username>%<extender_name>%<target_hostname>%<privx_username>
Where the <extender_name> is only required for target hosts behind Extenders.
% characters in user names must be escaped with %%. For example, %example%user% becomes %%example%%user%%.
Values may be separated using either % or |.
- The separator character can be escaped by doubling (%% or ||).
Password: Your PrivX-user password.
When MFA is enabled, users must connect using the interactive method.
RDP certificate authentication is only supported through the PrivX GUI.
RDP with native clients via PrivX does not support file transfers via drive redirection when session recording is enabled. In such scenarios users may copy-paste to transfer files.
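A helper that composes the User value for the direct mode described above, shown as an added example that is not part of the PrivX documentation or product code. The function names, the sample values, the left-to-right reading of doubled separators, and dropping the Extender field together with its separator are assumptions.

```python
SEPARATORS = ("%", "|")  # the two separators the page allows


def split_fields(login, sep):
    """Read left to right: a doubled separator is a literal character,
    a single one ends the field (assumed reading order)."""
    fields, current, i = [], "", 0
    while i < len(login):
        if login.startswith(sep * 2, i):
            current, i = current + sep, i + 2
        elif login[i] == sep:
            fields.append(current)
            current, i = "", i + 1
        else:
            current, i = current + login[i], i + 1
    fields.append(current)
    return fields


def build_login(target_user, target_host, privx_user, extender=None, sep="%"):
    """Compose the User value for a direct connection."""
    if sep not in SEPARATORS:
        raise ValueError("separator must be % or |")
    other = "|" if sep == "%" else "%"
    # Assumption: with no Extender, the field and its separator are omitted.
    fields = [target_user, target_host, privx_user]
    if extender:
        fields.insert(1, extender)
    for field in fields:
        if not field:
            raise ValueError("empty field")
        # The page does not say how the unused separator character is
        # treated inside a value, so reject it instead of guessing.
        if other in field:
            raise ValueError(f"{other!r} in value; use it as the separator")
    login = sep.join(f.replace(sep, sep * 2) for f in fields)
    # A value that starts with the separator yields a run of three that
    # reads back as different fields; refuse it rather than send it.
    if split_fields(login, sep) != fields:
        raise ValueError("value starts with the separator; use the other one")
    return login


if __name__ == "__main__":
    # Constructed sample values, not from the PrivX documentation.
    print(build_login("Administrator", "win01.example.com", "alice"))
    print(build_login("%example%user%", "win01", "alice"))
```

Checking the composed string before pasting it into the client catches a mis-escaped value that would otherwise name a different target host or account than the one intended.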
Connecting as OIDC User
OIDC authentication isn't supported by native-RDP clients due to RDP-protocol limitations. However, OIDC users can use session-password authentication instead. For instructions about enabling and using session passwords, see Session Password Authentication.