When trying to set up an RDP connection directly from the GUI (i.e. not using the desktop Java client), connections succeed when using local and LDAP (AD) user logins.
However, when I switch to an SSO ID that uses Entra-ID (and Entra-ID driven MFA), connections to the same target host (using the same target credentials) fail with this error dialog:
When using the same Entra-ID credentials from a PAM Java client session, everything works fine: the RDP login succeeds and the Windows desktop is displayed.
PAM 4.2
In some scenarios, when SAML Auth is used for a user and "Require Inherited SAML Auth" is set to "Yes", the RDP Gateway does not create the needed session, so MSTSC reports an error when connecting.
Under Global Settings > SAML, there is the following option: "Require Inherited SAML Auth". It is set to "Yes".
Modify it to "No".
After this change, all SAML users have no issues with RDP file connections.
This will be fixed in PAM version 4.2.1.