Forum Discussion
PUBLIC PREVIEW: Announcing public preview of SSO using AD FS
We are excited to announce the public preview of single sign-on (SSO) using Active Directory Federation Services (AD FS) for Windows Virtual Desktop. This feature allows customers who use AD FS to configure their host pool to enable a single sign-on experience, removing the second credential prompt for the session host. This functionality is supported when using the Windows and web clients.
Getting started:
The documentation to configure AD FS single sign-on will guide you through the key steps needed to enable this functionality, including:
- Configuring your certificate authority to issue certificates
- Configuring your AD FS server with a relying-party trust
- Configuring your Windows Virtual Desktop host pool to enable SSO
- Deleted
Great, we just spent over 6 months to move all our ADFS Apps to Azure AD (to decom ADFS)
- kd007 Copper Contributor
Yeah, this news is actually more of a disappointment than anything else. Microsoft is adding more reasons to stick with AD+ADFS rather than move to Azure AD, which my company did over a year ago. Give us WVD single sign-on with Azure AD!
- kumarallamraju Microsoft
It's coming - Enhanced support for Azure Active Directory (coming soon in public preview): https://azure.microsoft.com/en-us/blog/azure-virtual-desktop-the-desktop-and-app-virtualization-platform-for-the-hybrid-workplace/
- Paul54 Copper Contributor
I'm really scratching my head here. AVDs in Azure going backward to ADFS for SSO? Really?
Given AVD's current SSO option is tied to line-of-sight Domain Controllers (the AVDs are joined to, or through a Domain Trust, etc.). So adding ADFS for AVDs was the natural path.
What about customers that are moving client-side devices to Intune & AzureAD?
Sigh....
- Kubaib Copper Contributor
Configured the environment exactly as per the article, however still not getting SSO to session host. Am I missing anything?
Environment: ADFS hosted in 2019 win server
WVD hosts: win10 20H2 multisession
Client: Web browser
- DavidBelanger Microsoft
Hi Kubaib, unsure if you are still having issues with enabling SSO. It looks like the SSL certificate on your AD FS server may not be valid or publicly trusted. The WVD service isn't able to access the server. You can also enable Log Analytics for WVD to see the errors for yourself.