Feb 09 2020 10:24 AM
Hi, we are just running a POC of Windows Virtual Desktop and wondering what the options are regarding single sign-on? In our current deployment we're using an IaaS AD with Azure AD Sync and Single Sign-On enabled. Upon launching the web client or subscribing to a feed with the Remote Desktop app, credentials are entered, which successfully lists the available resources. When a resource is launched, the user must authenticate with the same credentials again. Obviously a dual authentication is not ideal! Is the only option here to use ADFS? Thanks
Feb 11 2020 09:14 AM
@jcookintegy : We are working on validating and releasing documentation for the single sign-on configuration with ADFS (which has been a little delayed). Unfortunately, this is the only mechanism for a true single sign-on mechanism at the moment, because in the other flows we never see the credentials that you pass to Azure AD (only Azure AD sees them). This issue is averted when using ADFS, since your own authority is issuing the token and can then later exchange that token for a smartcard certificate for logon.
Feb 13 2020 06:29 AM
Feb 13 2020 08:38 AM
@jcookintegy : Yes, we have it in our backlog. We're investigating the work with Azure AD so we don't have a specific timeframe for it yet, but it is one of the top concerns across the board, so we are definitely prioritizing this.
Apr 21 2020 08:17 PM
@Christian_Montoya Any update on this? Two issues I am seeing so far:
1. WVD web front end / RDP client prompt for credentials, and then the Windows session itself prompts for the credentials.
2. And then, once inside the Windows 10 session, OneDrive prompts for credentials inside the session along with all other services that use Azure AD, instead of SSO.
May 24 2020 01:29 PM
@davidlloyd Indeed, too many authentication prompts for now. Let's dream a little bit: I log in on my endpoint with my Azure AD account (Windows Hello active, device managed through Endpoint management), then I launch the Remote App client, SSO occurs, then I launch my WVD session, SSO occurs, then I launch an Office 365 app, SSO occurs. It could become a great user experience, and all this with the AADDS service set up. For now, it's still a dream ;)
May 24 2020 02:02 PM
I am still baffled that the Remote Desktop client prompts for credentials when you subscribe to a feed even when on an Azure AD / Hybrid Joined device. Surely the app could be configured to autoconfigure and use the existing token, as it would if you browsed to portal.office.com in Edge.
The second prompt is understandable as you are switching to Kerberos, but it would also be great if this was modern auth ;)
Aug 23 2020 11:44 PM
Sep 25 2020 06:31 AM
Hi @Christian_Montoya , we have users who are independent therapists contracted to provide services. Their only IT is a laptop, they have nothing 'on prem', and they are required to use an app which we provide as an Azure remote app. We have nothing 'on prem' either!
We are trying to resolve the double sign-on experience - is there, or will there be, a solution for our use case?
Sep 25 2020 04:00 PM
Hi and thanks. Edge will save the first password (when logging in via aka.ms/wvdarmweb). Chrome won't, so I'll recommend clients to use Edge for the time being. (I tried adding manually via Credentials Manager but that made no difference to either browser.)