RDS presented to customer org, using ADFS for SSO

Turpin, James 21 Reputation points
2020-08-04T08:00:19.53+00:00

Hi

We have an RDS 2012R2 environment that we need to present to a customer org for ~1000 users.
It will be RDS Web or the RDAC used by the customer.

We also have an ADFS farm, externally accessible.
We can add in the customer's ADFS as a claims provider trust, so that when they enter their creds at our ADFS it redirects to theirs for auth > send token back to our ADFS and hopefully logs them into our RDS web environment? Is this supported?!

Are we able to use WAP in conjunction with RDS to present ADFS authentication to our customers?
As obviously we don't wish to enter 1000 x users into our AD.

End goal being that joe@customerorg.uk can authenticate as himself to our RDS Web or RDAC.
However, in this scenario not sure how we would assign resources to the customer given they are not known by our AD/RDS for group assignment?


2 answers

  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2020-08-04T20:15:08.447+00:00

    You can publish an RDP gateway with the Web Application Proxy. There is an example here.
    That's for the access to the gateway. This does not provide SSO when you connect from this gateway to the actual target hosts.


  2. 9704244848 186 Reputation points
    2020-08-09T13:14:08.393+00:00