Home

Double authentication in web client

%3CLINGO-SUB%20id%3D%22lingo-sub-389330%22%20slang%3D%22en-US%22%3EDouble%20authentication%20in%20web%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-389330%22%20slang%3D%22en-US%22%3E%3CP%3EEvery%20time%20I%20log%20in%20to%20the%20WVD%20web%20client%20I%20first%20get%20to%20sign%20in%20with%20the%20Office%20365%2FAzureAD%20login%20experience%20(with%20MFA)%20but%20when%20I%20get%20to%20the%20landing%20pange%20and%20click%20on%20my%20Desktop%20in%20the%20web%20client%20I%20get%20prompted%20for%20e-mail%20and%20password%20once%20more.%3CBR%20%2F%3E%3CBR%20%2F%3EWhy%20am%20I%20getting%20double%20logins%3F%20In%20the%20remote%20desktop%20client%20things%20seems%20to%20be%20full%20SSO.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-389481%22%20slang%3D%22en-US%22%3ERe%3A%20Double%20authentication%20in%20web%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-389481%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F227768%22%20target%3D%22_blank%22%3E%40Anders%20Gidlund%3C%2FA%3E%26nbsp%3B%3A%20The%20reason%20for%20the%20double%20prompt%20is%20that--as%20you%20mention--the%20first%20authentication%20is%20the%20Azure%20AD%20(which%20we%20never%20see)%2C%20but%20then%20the%20second%20prompt%20is%20the%20Windows%20login%20prompt.%20Windows%20doesn't%20accept%20a%20token%20for%20login%2C%20and%20because%20we%20only%20receive%20a%20token%20from%20Azure%20AD%2C%20we%20cannot%20immediately%20supply%20credentials%20so%20must%20prompt%20again.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20might%20see%20that%20in%20the%20other%20Remote%20Desktop%20client%20things%20seem%20to%20be%20%22full%20SSO%22%20if%20you%20select%20%22Remember%20my%20password.%22%20If%20you%20would%20like%2C%20you%20can%20save%20your%20Windows%20login%20credentials%20as%20a%20password%20through%20your%20browser's%20Password%20management%20vault%20to%20get%20the%20same%20experience.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-422789%22%20slang%3D%22en-US%22%3ERe%3A%20Double%20authentication%20in%20web%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-422789%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3A%20Do%20you%20know%20what%20the%20plans%20are%20when%20it%20comes%20to%20supporting%20SSO%20in%20WVD%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-439048%22%20slang%3D%22en-US%22%3ERe%3A%20Double%20authentication%20in%20web%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-439048%22%20slang%3D%22en-US%22%3E%3CP%3EI%20mean%20it%20is%20kind%20of%20supported%20now%2C%20if%20you%20log%20into%20your%20portal%20and%20have%20SSO%20enabled%2C%20it%20let's%20you%20right%20in.%26nbsp%3B%20We%20are%20using%20Azure%20SSO%20in%20our%20environment%20and%20it%20works%20nicely.%26nbsp%3B%20As%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3Bstated%2C%20the%20local%20RDS%20login%20cannot%20accept%20tokens.%26nbsp%3B%20That's%20been%20my%20experience%20with%20other%20deployments%20I've%20done%20in%20the%20RDS%20tech%20as%20well.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Anders Gidlund
Occasional Contributor

Every time I log in to the WVD web client I first get to sign in with the Office 365/AzureAD login experience (with MFA) but when I get to the landing pange and click on my Desktop in the web client I get prompted for e-mail and password once more.

Why am I getting double logins? In the remote desktop client things seems to be full SSO.

3 Replies

@Anders Gidlund : The reason for the double prompt is that--as you mention--the first authentication is the Azure AD (which we never see), but then the second prompt is the Windows login prompt. Windows doesn't accept a token for login, and because we only receive a token from Azure AD, we cannot immediately supply credentials so must prompt again.

 

You might see that in the other Remote Desktop client things seem to be "full SSO" if you select "Remember my password." If you would like, you can save your Windows login credentials as a password through your browser's Password management vault to get the same experience.

@christianmontoya : Do you know what the plans are when it comes to supporting SSO in WVD? 

I mean it is kind of supported now, if you log into your portal and have SSO enabled, it let's you right in.  We are using Azure SSO in our environment and it works nicely.  As @christianmontoya stated, the local RDS login cannot accept tokens.  That's been my experience with other deployments I've done in the RDS tech as well.

Related Conversations
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies