Commit 2e7ad2f

Added disconnect information
1 parent c71ce36 commit 2e7ad2f

1 file changed

+9
-3
lines changed

articles/virtual-desktop/configure-single-sign-on.md

Lines changed: 9 additions & 3 deletions
@@ -7,7 +7,7 @@ manager: femila
77

88
ms.service: virtual-desktop
99
ms.topic: how-to
10-
ms.date: 12/06/2022
10+
ms.date: 1/5/2023
1111
ms.author: helohr
1212
---
1313
# Configure single sign-on for Azure Virtual Desktop using Azure AD Authentication
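Review bot: The new `ms.date` value on line 10 drops the zero padding that the previous value used (`12/06/2022` became `1/5/2023`). Write it as `01/05/2023` so the metadata field stays in one consistent MM/DD/YYYY form across revisions.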
@@ -17,9 +17,9 @@ ms.author: helohr
1717
> This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
1818
> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
1919
20-
This article will walk you through the process of configuring single sign-on (SSO) using Azure Active Directory (Azure AD) authentication for Azure Virtual Desktop (preview). When you enable SSO, you can use passwordless authentication and third-party Identity Providers that federate with Azure AD to sign in to your Azure Virtual Desktop and Remote Applications.
20+
This article will walk you through the process of configuring single sign-on (SSO) using Azure Active Directory (Azure AD) authentication for Azure Virtual Desktop (preview). When you enable SSO, you can use passwordless authentication and third-party Identity Providers that federate with Azure AD to sign in to your Azure Virtual Desktop and Remote Applications. When enabled, this feature provides a single sign-on experience when authenticating to the session host and configures the session to provide single sign-on to Azure AD based resources inside the session.
2121

22-
For additional passwordless functionality within the session, see the [**Next Steps**](#next-steps) section for configuring in-session passwordless authentication below.
22+
For information on using passwordless authentication within the session, see [In-session passwordless authentication (preview)](authentication.md#in-session-passwordless-authentication-preview).
2323

2424
> [!NOTE]
2525
> Azure Virtual Desktop (classic) doesn't support this feature.
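Review bot: The sentence appended on line 20 is circular: it follows "When you enable SSO, ..." with "When enabled, this feature provides a single sign-on experience", which describes SSO by its own name. Suggest stating the two effects directly: what the user no longer has to do when authenticating to the session host, and that the session is configured for SSO to Azure AD based resources inside it. Line 22 now points at `authentication.md#in-session-passwordless-authentication-preview`, the same target as the bullet under Next steps, so confirm that both links are intended.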
@@ -58,6 +58,12 @@ To enable SSO on your host pool, you must [customize an RDP property](customize-
5858

5959
When enabling single sign-on, you'll currently be prompted to authenticate to Azure AD and allow the Remote Desktop connection when launching a connection to a new host. Azure AD remembers up to 15 hosts for 30 days before prompting again. If you see this dialogue, select **Yes** to connect.
6060

61+
### Disconnection when the session is locked
62+
63+
When SSO is enabled, the Windows sign-in is done using an Azure AD authentication token, which provides support for passwordless authentication to Windows. The Windows lock screen in the remote session doesn't support Azure AD authentication tokens or passwordless authentication methods like FIDO keys. This would prevent users from being able to unlock their session. For this reason, when the session is locked, either through user action or system policy, the session is disconnected and an informational message is provided to the user.
64+
65+
Disconnecting the session also ensures that when the connection is relaunched after a period of inactivity, the applicable conditional access policies are evaluated.
66+
6167
## Next steps
6268

6369
- Check out [In-session passwordless authentication (preview)](authentication.md#in-session-passwordless-authentication-preview) to learn how to enable passwordless authentication.
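Review bot: The new section on lines 61-65 says a lock "through user action or system policy" disconnects the session, but it never tells the reader how to get back in or what this means for lock policies already applied to session hosts. Suggest one sentence on how the user resumes (line 65 implies relaunching the connection) and one noting that screen-lock or idle-lock policies will now end in a disconnect instead of a lock screen. Line 65 also limits the conditional access re-evaluation to a relaunch "after a period of inactivity", while line 63 includes user-initiated locks, so the two sentences should be aligned. On line 63, "This would prevent users from being able to unlock their session" reads more directly as "Users would be unable to unlock their session".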
