DavidBelanger
Microsoft
May 26, 2021

PUBLIC PREVIEW: Announcing public preview of SSO using AD FS

We are excited to announce the public preview of single sign-on (SSO) using Active Directory Federation Services (AD FS) for Windows Virtual Desktop. This feature allows customers who use AD FS to configure their host pool to enable a single sign-on experience, removing the second credential prompt for the session host. This functionality is supported when using the Windows and web clients.

 

Getting started:

The documentation to configure AD FS single sign-on will guide you through the key steps needed to enable this functionality including:

  • Configuring your certificate authority to issue certificates
  • Configuring your AD FS server with a relying-party trust
  • Configuring your Windows Virtual Desktop host pool to enable SSO

  • Great, we just spent over 6 months to move all our ADFS Apps to Azure AD (to decom ADFS)
  • Paul54
    Copper Contributor

    I'm really scratching my head here. AVD's in Azure going backward to ADFS for SSO? Really?
    Given AVD's current SSO option is tied to line-of-sight Domain Controllers (the AVD's are joined to, or through a Domain Trust, etc.). So adding ADFS for AVDs was the natural path.
    What about customers that are moving client-side devices to Intune & AzureAD?
    Sigh....

  • Kubaib
    Copper Contributor

    DavidBelanger

    Configured the environment exactly as per the article, however still not getting SSO to the session host. Am I missing anything?

    Environment: ADFS hosted in 2019 win server

    WVD hosts: win10 20H2 multisession

    Client: Web browser

    • DavidBelanger
      Microsoft

      Hi Kubaib, unsure if you are still having issues with enabling SSO. It looks like the SSL certificate on your AD FS server may not be valid or publicly trusted. The WVD service isn't able to access the server. You can also enable Log Analytics for WVD to see the errors for yourself.
