DUO on RDP and RD gateway


I’m a first time DUO user/admin and appreciate any help from the GURU’s. We setup a Windows Server 2016 with RDS role and RD gateway.

So we applied protection on it’s RDP and it has been working. We now plan to protect the RD Gateway. Not sure if I’m doing the right thing though, do i execute the msi for RD Gateway I assume on the same server? but the thing is there’s a different intergration, secret ket and APi key just for RD gateway or I’m doing it wrong??


We offer separate integrations for Windows Logon and RD Gateway logon.

  • Duo Authentication for Windows Logon protects local and RDP logins on the workstation or server where it is installed. So if you installed this on your RD Gateway server, it would add 2FA to interactive desktop local and RDP login on that server. It would not add 2FA to users accessing session hosts through the RD Gateway service on that server.

  • Duo Authentication for RD Gateway adds 2FA to RD Gateway logins. If you installed this on your RD Gateway server, it would add 2FA RDP connections for desktop sessions or published apps that use that RD Gateway service.

You are correct that if you wanted to protect both types of logons you would install both of those applications on the same RDG server, using different application information (Install Duo RDG with the keys for the Duo RDG application, and install Duo Windows Logon with the keys for the Duo RDP application).