Rublon

Secure Remote Access

Last updated on September 1, 2025

MFA for Remote Desktop is a secure approach to authentication that strengthens user logins with a strong second factor, such as accepting the Mobile Push authentication request sent to your phone. Thanks to Remote Desktop MFA, hackers who have your password cannot log in as you via Remote Desktop connections to RDP, RD Gateway, RD Web Access, or RD Web Client.

Rublon Protects Your Remote Desktop Logons

Microsoft Windows is the most commonly used operating system in the world. Users who log in to the system, either directly or via Remote Desktop, get access to a multitude of important features and data. As a result, it is of utmost importance to protect your users from unauthorized access. Passwords are easy to steal, guess and crack, and that’s why you need another, additional way to secure your Remote Desktop logons. Multi-Factor Authentication with a strong second factor is a perfect solution to the problem of low security of passwords. Learn more about why passwords are weak and why Multi-Factor Authentication is a good way of solving the low security level of passwords.

Rublon follows cutting-edge security practices to deliver top solutions and guarantee the safety of your data. Rublon trusts in Multi-Factor Authentication as the basis of application security and further enhances user comfort and flexibility by providing the most in-demand features, such as Single Sign-On and Access Policies. Rublon acknowledges the importance of securing Remote Desktop logons and delivers state-of-the-art multi-factor authentication software.

Rublon integrates with Windows Logon & RDP as well as Remote Desktop Services (RD Gateway, RD Web Access, and RD Web Client) to introduce robust Multi-Factor Authentication to your login experience. In the first step, you provide your login credentials as usual. In the second step introduced by Rublon, you get a Mobile Push on your phone. You can accept or deny the login attempt. Even if somebody knows your Remote Desktop password, they cannot log in because you will deny all their login attempts. Incidentally, Mobile Push is a very fast and comfortable method of authentication. Once you get used to Mobile Push, you will not feel any difference while protecting your logons with the powerful and secure Rublon.

MFA for RDP

If you would like to enable Rublon MFA for your RDP logons, there is no better way than using our Rublon for Windows Logon & RDP connector. Rublon for Windows supports two types of accounts:

  • Workgroup Accounts
  • Microsoft Active Directory Accounts

A plenitude of settings exist, both Rublon for Windows-specific and Admin Console-based so that you can adjust Rublon for Windows according to your needs and preferences. Change the settings of Rublon for Windows in Windows Registry or define a custom policy for your Rublon for Windows application in Rublon Admin Console.

How to enable MFA for RDP

MFA for Remote Desktop Services

Rublon fully supports Remote Desktop Services (RDS), enabling Multi-Factor Authentication for Remote Desktop Gateway (RD Gateway), Remote Desktop Web Access (RD Web Access), and Remote Desktop RD Web Client.

MFA for Remote Desktop Gateway

Install the Rublon for Remote Desktop Gateway (RD Gateway) connector to add Multi-Factor Authentication to your Microsoft Remote Desktop Gateway logons. Install Rublon Authenticator to gain a set of secure authentication methods, including Mobile Push. During the authentication process, Rublon sends you a Mobile Push login request. If Rublon Authenticator is not installed, an Email Link is sent instead.

You can change the settings of Rublon for RD Gateway in Windows Registry. You can also define a custom policy specific to only your Remote Desktop Gateway logons. 

How to enable MFA for RD Gateway

MFA for Remote Desktop Web Access

Enforce Rublon MFA to improve the security of your RD Web Access logons. The Rublon for RD Web Access connector supports all authentication methods to give you a choice. You choose how to safeguard your logons. Select your favorite method of authentication and enjoy the maximum security guaranteed by Rublon.

The settings of Rublon for RD Gateway are configured in Windows Registry. You can also define a custom policy specific to only your Web Access logons.

How to enable MFA for RD Web Access

MFA for Remote Desktop Web Client

Enhance your Remote Desktop Web Client logins with strong 2FA and MFA. The Rublon for RD Web Access connector supports the Web Client by enabling Two-Factor Authentication on all HTML5-based Remote Desktop Web Client logins. Users can sign in to the Remote Desktop Web Client using all available authentication methods.

The settings are configured in Windows Registry. You can also define a custom policy specific to only your RD Web Client logons.

How to enable MFA for RD Web Client

Take Control of Your Remote Desktop Logins

As you already know, Rublon gives you the means to safeguard your Remote Desktop logons by introducing strong Multi-Factor Authentication. But Rublon does much more than just that. We also provide powerful tools to help you control every step of your users’ authentication. It is true that you can control our Remote Desktop connectors using a set of options in the Windows Registry. Yet you can achieve much more by means of the Rublon Admin Console.

The Rublon Admin Console provides you with a set of management tools to supervise your entire organization – Remote Desktop logons and beyond! You can easily set which users are to be bypassed or denied access, view who logged in to which application and when, and manage security keys like YubiKey from Yubico.

One of Rublon Admin Console’s most robust features is Policies. The concept of Policies was introduced as a solution to the problem of Adaptive Authentication. In short, you have one Global Policy that applies to all your applications by default. You can override the Global Policy by creating Custom Policies. Custom Policies are assigned to one or more applications and are effective immediately. One policy can be assigned to more than one application but each application can only have one custom policy. Refer to the following example of the Remote Desktop policy to better understand the concept and find out why Rublon Policies is a satisfactory solution to the Adaptive Authentication challenge.

Remote Desktop Policy

Organizations use many applications. Each application is handled differently and has its own security risks, so global settings for all applications are not enough. Refer to the example below to learn how Rublon recognizes and resolves the challenge of defining different settings for different applications.

Initial Assumptions

  • You have four applications defined in Rublon Admin Console:
    • Windows Logon & RDP
    • Remote Desktop Gateway
    • RD Web Access
    • Citrix Gateway
  • You would like to allow users logging in to your Remote Desktop applications to bypass Rublon 2FA for 48 hours. If a user was logged in successfully once, they are bypassed by Rublon 2FA for 48 hours during each of their subsequent logins.
  • You would like to bypass Rublon 2FA login to your Remote Desktop applications for a given IP, say 127.0.8.
  • You would like users logging in to Citrix Gateway to be sent a Mobile Push. You do not want to allow your users to select any other method of authentication.

Challenge

A security system has to devise a way to satisfy such complex requirements. A way to define behavior on the application level is required.

Rublon Policies to the Rescue

With Rublon Policies, you can easily set one or more Custom Policies to fulfill all preceding requirements. Refer to the following way of fulfilling the Remote Desktop requirements:

  1. Define a Custom Policy: Remote Desktop Policy.
  2. Click Remembered Devices and set Remember a device for 2 Days.
  3. Click Authorized Networks and type 127.0.8 in the text field.
  4. Click Save to create your Remote Desktop Policy.
  5. Go to Applications, find your Remote Desktop applications and assign Remote Desktop Policy to these applications.

You can fulfill the Citrix Gateway requirements in one of two ways:

  1. Create a new Custom Policy, e.g. Citrix Gateway Policy, and enable Default Authentication Method in this policy.
  2. Enable Default Authentication Method in Global Policy.

The first way is preferable.

Rublon for Windows Logon and RDP – Documentation

Rublon for Remote Desktop Gateway – Documentation

Rublon for Remote Desktop Web Access – Documentation

The Importance of Multi-Factor Authentication And Why You Should Get Rublon