2FA RDP excluding internal network

I am currently implementing privacyidea as 2FA to get users access to a RDP session on a terminal server.
Everything is running fine, and I think I configured it correctly:
mstsc > AD user and AD password > RDP opens with only privacyidea as option > pin + OTP > login possible

Now I face a “problem” for which I can’t find a proper answer.

Is it possible to exclude the internal network? When the user/client is in the internal network, just use AD user and AD password to connect to RDP. If the user/client comes from outside of this specific network, use AD user and password together with pin + OTP (like it is working now).

Is this possible?


Hello and welcome to privacyIDEA.

This is not possible, since Microsoft does not provide the client IP in the credential provider context.

So it is Microsoft’s fault. Sorry for that. :wink:
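The rule the question asks for ("skip OTP only for trusted source networks") is easy to express where a component does know the client address; the reply explains that the Windows credential provider is not such a component. The following is an added illustration, not part of this thread and not privacyIDEA code: it evaluates the rule against a constructed list of trusted networks (`INTERNAL_NETWORKS` is an assumed placeholder) and fails closed, i.e. when the address is missing or unparsable, as it would be in the credential provider context, the second factor is always required. It also handles IPv4-mapped IPv6 addresses, which is a common way a "trusted" IPv4 client slips past a naive check.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed sample of trusted internal ranges for this example; a real
# deployment would take these from its own configuration.
INTERNAL_NETWORKS = ("10.0.0.0/8", "192.168.0.0/16", "fd00::/8")


def otp_required(client_ip: Optional[str],
                 internal_networks: Iterable[str] = INTERNAL_NETWORKS) -> bool:
    """Return True when the second factor (PIN + OTP) must be demanded.

    Fail closed: an absent or malformed client address always requires OTP.
    Only an address that parses and lies inside a trusted network may skip it.
    """
    if not client_ip:
        return True  # no address available: require OTP
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return True  # unparsable address: require OTP

    # Normalise IPv4-mapped IPv6 (e.g. ::ffff:10.1.2.3) to plain IPv4 so that
    # the IPv4 allow list is applied consistently.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    for cidr in internal_networks:
        network = ipaddress.ip_network(cidr, strict=False)
        if addr.version == network.version and addr in network:
            return False  # trusted network: password only
    return True  # anything else: require OTP


if __name__ == "__main__":
    # Constructed sample clients to show each branch of the rule.
    for sample in ("192.168.1.5", "203.0.113.7", "::ffff:10.1.2.3", "fd00::1", "", "not-an-ip"):
        print(f"{sample!r:22} -> OTP required: {otp_required(sample)}")
```

The decision here is deliberately "require OTP unless proven internal" rather than the reverse, so that the situation the reply describes (no client IP available) degrades to the stronger login, not the weaker one.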

