Feb 28 2019
11:40 PM
- last edited on
Jan 14 2022
04:46 PM
by
TechCommunityAP
Feb 28 2019
11:40 PM
- last edited on
Jan 14 2022
04:46 PM
by
TechCommunityAP
Hi there,
I've been looking for this issue on the internet, but can't really find a good answer or solution. We have a on-premise (iaas) 2016 RDS (mainly remoteapp) solution that we would like to share with other companies. Basicly through RDWeb. This is no problem when we give them user accounts from our RDS domain. But more and more often they want SSO with there own user accounts (AzureAD, ADFS, etc). I know we can make it work with a domain trust, but that is something usually out of the question. Begin 2018 we have been looking at the Azure B2B connector and publishd the RDWeb with the AD application proxy. (https://docs.microsoft.com/nl-nl/azure/active-directory/b2b/hybrid-cloud-to-on-premises). With a shadow account we could make it possible to access SSO to the RDWeb, but from there, starting remote apps, desktop wasn't possible. So ... the question is? Is this possible? SSO for external (other domains) access to our RDS solution? Anyone got a simular situation or some kind of direction? I know Citrix has a simular solution with FAS and b2b, but we would rather stick with a Microsoft only solution. Thx!
Mar 03 2019 01:06 AM
Mar 06 2019 11:07 AM
@Axians_CSS did you get this to work? still trying? or not possible? as you pointed out would be great to be able to use something like AD B2B to provide RDS based desktops and apps to external partners and let them manage their own password resets etc. Cheers!
Mar 06 2019 10:53 PM
Thx for the reply! Nice to hear that it could work for on-premise applications. It has been almost a year ago that we tried this solution with RDS, maybe things have been improved.
Mar 06 2019 10:58 PM
Hi JM_Tech, no but it has been a while that we tested this. For now we just have to live with it that we manage seperate accounts. But this gives lots of extra support calls. So like you said it would be great if a full SSO solution is possible. Partners, etc can then just manage their own accounts. When i have some time i will try to test this again.