Home

login with an admin-account

%3CLINGO-SUB%20id%3D%22lingo-sub-313303%22%20slang%3D%22en-US%22%3Elogin%20with%20an%20admin-account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-313303%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20the%20latest%20version%20(.5)%20on%20a%202016%20server%3C%2FP%3E%3CP%3EI%20configured%20the%20application%20on%20azure%3C%2FP%3E%3CP%3EI%20configured%20%22%3CSPAN%3EUse%20Azure%20Active%20Directory%22%20to%20yes%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20try%20to%20log%20with%20my%20admin-account%20witch%20is%20different%20from%20my%20windows%20normal%20AD%20account%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E(I%20select%20my%20admin-account%20from%20this%20url%20%3A%26nbsp%3B%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Flogin.microsoftonline.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flogin.microsoftonline.com%3C%2FA%3E)%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20am%20redirected%20with%20my%20windows%20logon%20account%20credentials%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EWhat%20am%20I%20missing%20%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20open%20a%20new%20inPrivate%20windows%20and%20log%20in%20with%20my%20admin%20account%2C%20I%20see%20the%20correct%20username%20in%20the%20%22manage-as%22%20column%2C%20but%20it%20ask%20me%20again%20for%20my%20credentials%20when%20I%20click%20on%20a%20server%20%3F%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%20in%20advance%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EFran%C3%A7ois%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-314555%22%20slang%3D%22en-US%22%3ERE%3A%20login%20with%20an%20admin-account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-314555%22%20slang%3D%22en-US%22%3EHello%2C%20thanks%20for%20your%20response%20%3A)What%20was%20bothering%20me%20was%20to%20reenter%20my%20admin%20username%20each%20time%2C%20but%20I%20found%20out%20it%20was%20because%20of%20the%20intranet%20zone%20that%20was%20defined%20in%20my%20domain%2C%20I%20added%20my%20WAC%20server%20to%20the%20list%20of%20the%20Trusted%20sites%20zone%20and%20now%20Edge%20or%20Chrome%20ask%20me%20for%20my%20credentials%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-313952%22%20slang%3D%22en-US%22%3ERe%3A%20login%20with%20an%20admin-account%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-313952%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20you%20add%20AAD%20authentication%20to%20Windows%20Admin%20Center%20it%20is%20adding%20a%20%3CEM%3Esecond%20layer%3C%2FEM%3Eof%20authentication.%20You%20still%20need%20to%20authenticate%20with%20the%20machine%20that%20is%20hosting%20the%20Windows%20Admin%20Center%20gateway.%20%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fwindows-server%252Fmanage%252Fwindows-admin-center%252Fconfigure%252Fuser-access-control%2523azure-active-directory%26amp%3Bdata%3D02%257C01%257CJeff.Woolslayer%2540microsoft.com%257C43f9d94ea2514740b8f608d677ec1434%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636828253218774032%26amp%3Bsdata%3DvfKaQqnwVUWy9lXylIQLgJNG57%252FDzZTMRy7cPbdUS6E%253D%26amp%3Breserved%3D0%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EHere%20is%20the%20documentation%20for%20AAD%20authentication%20in%20Windows%20Admin%20Center%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20the%20second%20issue%20-%20when%20you%20have%20Windows%20Admin%20Center%20deployed%20on%20server%20as%20a%20service%2C%20you%20will%20always%20need%20to%20re-enter%20your%20credentials%2C%20unless%20you%20configure%20some%20kind%20of%20delegation.%3C%2FP%3E%0A%3CP%3EYou%20can%20read%20the%20documentation%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fmanage%2Fwindows-admin-center%2Fconfigure%2Fuser-access-control%23configure-single-sign-on%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3Ewhich%20includes%20an%20example%20that%20uses%20Resource-based%20constrained%20delegation.%3C%2FP%3E%3C%2FLINGO-BODY%3E
François Bourget
New Contributor

Hello,

 

I have the latest version (.5) on a 2016 server

I configured the application on azure

I configured "Use Azure Active Directory" to yes

If I try to log with my admin-account witch is different from my windows normal AD account

(I select my admin-account from this url : https://login.microsoftonline.com)

I am redirected with my windows logon account credentials

What am I missing ?

 

If I open a new inPrivate windows and log in with my admin account, I see the correct username in the "manage-as" column, but it ask me again for my credentials when I click on a server ??

 

Thanks in advance

 

François

2 Replies

When you add AAD authentication to Windows Admin Center it is adding a second layer of authentication. You still need to authenticate with the machine that is hosting the Windows Admin Center gateway. Here is the documentation for AAD authentication in Windows Admin Center.

 

For the second issue - when you have Windows Admin Center deployed on server as a service, you will always need to re-enter your credentials, unless you configure some kind of delegation.

You can read the documentation here which includes an example that uses Resource-based constrained delegation.

Hello, thanks for your response :) What was bothering me was to reenter my admin username each time, but I found out it was because of the intranet zone that was defined in my domain, I added my WAC server to the list of the Trusted sites zone and now Edge or Chrome ask me for my credentials :)