Forum Discussion
sidlala123
Dec 20, 2019 · Microsoft
WVD and SSO with AAD Connect PHS/PTA
Hi Guys,
As far as I know in order to use SSO in WVD, we must have AD FS.
But what about the topology below, when we use PHS/PTA as the synchronization method in AAD Connect, also we connect WVD ...
knowlite
Iron Contributor
Your client is not connecting to WVD via the internal addresses but via the hosted WVD gateway/brokers of Microsoft. This means your schema is incorrect.
https://cdn.dribbble.com/users/1135328/screenshots/6393820/wvd_architecture_2x.jpg
sidlala123
Dec 23, 2019 · Microsoft
Thanks for your reply knowlite.
Assume the WVD pool in my diagram means both WVD pool and hosted WVD gateway/brokers, is it possible to enable seamless SSO?
My main question is if we can use Seamless SSO (no ADFS) for WVD?
I found a blog saying the below, but it's not from official MS docs, so I am afraid I cannot present this to the customer as evidence.
"8: No Direct SSO using Azure AD Native – If you today are using SAML based SSO with for instance Azure AD or other iDP’s such as if you have end-users on Azure AD joined machines and want to provide SSO directly to a WVD desktop this is not currently possible and it requires that you have configured an ADFS."
From: https://msandbu.org/windows-virtual-desktop-breakdown-of-architecture-and-current-status/
- sidlala123 · Jan 13, 2020 · Microsoft
Not sure if anyone can help on this.
- knowlite · Jan 13, 2020 · Iron Contributor
The new Remote Desktop app provides SSO once the credentials have been cached, so it's a one-time configuration. Going through RDWEB there is no SSO functionality without ADFS (unfortunately).