Mar 27 2019 04:58 AM
Every time I log in to the WVD web client I first get to sign in with the Office 365/AzureAD login experience (with MFA) but when I get to the landing pange and click on my Desktop in the web client I get prompted for e-mail and password once more.
Why am I getting double logins? In the remote desktop client things seems to be full SSO.
Mar 27 2019 08:47 AM
@Anders Gidlund : The reason for the double prompt is that--as you mention--the first authentication is the Azure AD (which we never see), but then the second prompt is the Windows login prompt. Windows doesn't accept a token for login, and because we only receive a token from Azure AD, we cannot immediately supply credentials so must prompt again.
You might see that in the other Remote Desktop client things seem to be "full SSO" if you select "Remember my password." If you would like, you can save your Windows login credentials as a password through your browser's Password management vault to get the same experience.
Apr 09 2019 11:49 PM
@Christian_Montoya : Do you know what the plans are when it comes to supporting SSO in WVD?
Apr 11 2019 09:42 AM
I mean it is kind of supported now, if you log into your portal and have SSO enabled, it let's you right in. We are using Azure SSO in our environment and it works nicely. As @Christian_Montoya stated, the local RDS login cannot accept tokens. That's been my experience with other deployments I've done in the RDS tech as well.
Nov 10 2021 10:18 AM
Seems like there is official documentation now. If you are willing to roll out/leverage ADFS, you can set up SSO using this method -> Configure AD FS single sign-on for Azure Virtual Desktop
I was able to implement it with a test environment in Azure on a single subnet with dedicated VMs for ADCS, ADDS, ADFS and one workstation. VM images used were Windows Server 2022 and Windows 10 21H1. AVD was set up with one session host with Windows 11. I used the certificate method to configure the key vault for AVD. To set up the prerequisites, I followed the Hybrid AD Certificate Trust model for Windows Hello for Business (WHfB) found here -> Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation . If you fully configure WHfB, you can reuse the enrollment certificate template to deploy the ADFS SSO certificate.
It took a bit of work to set it up so if you bump into issues, just reply to me and i'll try to help the best way i can.