cancel
Showing results for 
Search instead for 
Did you mean: 

SSO to Terminal services with SAML authentication

SOLVED
roms
Occasional Contributor

SSO to Terminal services with SAML authentication

Hi forum,

I have a question regarding Terminal Services authentication (SSO) while I am authenticating users with an external Idp (okta) which is running with login = email adresses.

Internally my users are authenticating to Termainal Servies with their AD account which has nothing to do with email.

Is there a chance we can send someting to the terminal services to allow autneitcation of these users?

I am able to send some information to the Pulse Secure Server through SAML but looks the PCS is not able to use them.

Any idea?

How are you doing such use cases?

Regards

Tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
zanyterp
Moderator

Re: SSO to Terminal services with SAML authentication

unfortunately, no, it is not possible to do SSO to terminal services when using only SAML for login
when SAML is used, the PCS does not have access to the password
in order to not require users to enter their username & password on the RDP login page/use SSO, you will need to enable a second authentication on the realm and then configure the RDP bookmark with the variable <username[2]> and <password[2]>

View solution in original post

2 REPLIES 2
zanyterp
Moderator

Re: SSO to Terminal services with SAML authentication

unfortunately, no, it is not possible to do SSO to terminal services when using only SAML for login
when SAML is used, the PCS does not have access to the password
in order to not require users to enter their username & password on the RDP login page/use SSO, you will need to enable a second authentication on the realm and then configure the RDP bookmark with the variable <username[2]> and <password[2]>

View solution in original post

roms
Occasional Contributor

Re: SSO to Terminal services with SAML authentication

Hello Zanyterp,

Thanks for the response.

That makes sense that the password is not sent over SAML.

I was on the way to add the second Auth Server and play with <password2>

Not really friendly for user as they have to type several pasword, but did the job