I am currently implementing privacyIDEA as 2FA to get users access to an RDP session on a terminal server.
Everything is running fine, and I think I configured it correctly:
mstsc > AD user and AD password > RDP opens with only privacyIDEA as option > pin + OTP > login possible
Now I face a “problem” for which I can’t find a proper answer.
Is it possible to exclude the internal network? When the user/client is in the internal network (e.g. 172.16.1.0/24), just use AD user and AD password to connect to RDP. If the user/client comes from outside of this specific network, use AD user and password together with pin + OTP (like it is working now).
Is this possible?