RDP services in Domain access via SSO from a client system not joined to Domain RRS feed

  • Question

  • Hi,

    is it possible to enable SSO for clients not joined to the Domain for accessing via the Web frontend?

    Possibly any Step By step guides would be great :o)

    Thanks, Peter

    Tuesday, March 31, 2015 10:06 AM


  • Hi Peter,

    There are 2 scenarios, if you want to access the client directly via RDP to server then it’s not possible. But if you want to access the RD Web and connect then SSO will work for non-domain joined. In both cases there are some points need to consider. 

    To implement single sign-on functionality in Remote Desktop Services, there are certain points.
    - Ensure that the user accounts that are used for logging on have appropriate rights to log on to both the RD Session Host server and the client computer.
    - Your client computer and RD Session Host server must be joined to a domain.

    More information.
    How to enable Single Sign-On for my Terminal Server connections

    In order for Web SSO to work:
    1. The connection in RemoteApp and Desktop Connections must have an ID. By default, it is set to the Fully Qualified Domain Name (FQDN) of the RD Connection Broker server in case of RD Connection Broker mode. In RD Session mode, it is set to the FQDN of the RD Web Access server.
    2. RemoteApp programs must be digitally signed using a Server Authentication certificate [Secure Sockets Layer (SSL) certificate]. The certificate Enhanced Key Usage section must contain ‘Server Authentication (’
    3.  Client operating systems must trust the certificate with which the RemoteApp programs are signed.

    More information.
    Introducing Web Single Sign-On for RemoteApp and Desktop Connections

    Hope it helps!


    Dharmesh Solanki

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, April 2, 2015 1:41 AM