Configuring Azure Active Directory in Workspot Control

  • 26 August 2022

Last updated on December 6, 2023 by Robert Plamondon

 

Introduction

Workspot supports Azure Active Directory (Azure AD) as an optional method for authenticating your Workspot users’ access to the Workspot Client.

Workspot's Azure AD support allows end-users to log into the Workspot Client through Microsoft's Azure AD services, with whatever settings for access, multi-factor authentication, etc. that you have set up with Azure AD.

Azure AD is supported by all Workspot Clients.

About Microsoft Azure AD

Azure AD is Microsoft’s cloud-based directory and identity management service. See Microsoft’s “What is Azure Active Directory?” for more information.

End-User Experience

When Azure AD is enabled, users receive a Microsoft Login/Office 365 Login experience, customized according to whatever rules you have set up with Microsoft for Azure AD, including a customized logo and MFA (multi-factor authentication) requirements.

With Azure AD sign-in, end-users no longer have the option of having a PIN to lock their Workspot Clients: they have to sign in with a password and possibly MFA each time they start or unlock the Client.

The first time they sign in with a given Client, end-users are asked to identify themselves by email address. This screen will not be shown on later sessions:

 

Then they are asked for a password via a Microsoft Login screen that you have (probably) customized with your own logo. Subsequent sign-ins will start with this screen:

 

On successful sign-in, they will be taken to the Workspot Client dashboard:

The Microsoft Login screen, as usual, also allows them to sign in as a different user or to change their password.

Configuring Workspot for Azure AD

Requirements

  • Workspot’s Azure AD support is an optional feature. To make it available for your deployment, contact your Workspot customer service representative.
  • To use Azure AD with Workspot, you need an existing, configured Azure AD subscription for your organization.
  • Your Azure AD deployment must be synchronized with your Active Directory servers used by your Workspot Enterprise Connector.
  • You need your organization’s Azure AD global administrative credentials to authorize Workspot access to your Azure AD service.
  • You need administrator-level access to your Workspot Control account.
  • Both your Workspot RD Gateways and Workspot Clients must be able to reach https://login.microsoft.com.

Caveats

  • Azure AD currently cannot be disabled by the Workspot customer; only Workspot Support can disable it.
  • This Azure AD support does NOT replace the Workspot Enterprise Connector. The Workspot Enterprise Connector and its connection to your AD server are currently still required.

  • The Workspot Agent is unchanged. This means that end-users will log into remote desktops and applications as before. Only the login to the Workspot Client changes.

Procedure

To configure Workspot to use Azure AD:

  1. Log onto Workspot Control as a Workspot Administrator.
  2. Navigate to Setup > Configuration.
  3. Find the Azure AD Auth section and click the “Enable” button.

Note: Screen configurations will vary slightly from those shown.

  4. A descriptive screen will appear. Read it and press the “Continue” button.
  5. A Microsoft login window will pop up. Enter your Organization Azure AD global administrative user credentials.
  6. The Microsoft Azure AD system will ask you to approve Workspot read-only access to your user profiles. Click “Accept.”
  7. Azure AD access has been enabled. Workspot Control will now give you the opportunity to log your browser out of the Azure AD administrative account. To sign out, click your account under the “Pick an account” heading.
  8. When you return to the Configuration page in Workspot Control, Azure AD Authentication will be shown as “Enabled.”
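The consent step above approves read-only access to user profiles. The following is an added example, not Workspot's or Microsoft's code, of a check that the delegated permissions recorded for an enterprise application are in fact read-only. The function name `Get-NonReadOnlyScope`, the sample grants and the application display name placeholder are assumptions made for illustration.

```powershell
# Added example (not Workspot or Microsoft code): report delegated scopes in an
# application's OAuth2 permission grants that are not read-only.
function Get-NonReadOnlyScope {
    param([Parameter(Mandatory)][object[]]$Grant)

    # OpenID Connect sign-in scopes carry no write access to directory data.
    $signInScopes = 'openid', 'profile', 'email', 'offline_access'

    foreach ($g in $Grant) {
        # Scope is a space-separated list of delegated permission names.
        foreach ($s in ($g.Scope -split '\s+' | Where-Object { $_ })) {
            # Read-only scopes end in .Read, .ReadBasic or .Read.<qualifier>;
            # anything else (ReadWrite, Send, Manage, ...) is reported.
            $readOnly = ($s -in $signInScopes) -or ($s -cmatch '\.Read(Basic)?(\.\w+)?$')
            if (-not $readOnly) {
                [pscustomobject]@{ ConsentType = $g.ConsentType; Scope = $s }
            }
        }
    }
}

# Constructed sample grants: not real tenant data and not Workspot's actual
# permission list. The second one contains a scope the function should report.
$sample = @(
    [pscustomobject]@{ ConsentType = 'AllPrincipals'; Scope = 'openid profile User.Read' }
    [pscustomobject]@{ ConsentType = 'AllPrincipals'; Scope = ' User.Read.All Directory.ReadWrite.All' }
)
Get-NonReadOnlyScope -Grant $sample

# Against a real tenant (requires the Microsoft.Graph PowerShell module; the
# display name below is a placeholder, look it up under Enterprise applications):
# Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'
# $sp = Get-MgServicePrincipal -Filter "displayName eq '<WORKSPOT-APP-DISPLAY-NAME>'"
# Get-NonReadOnlyScope -Grant (Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'")
```

This covers delegated grants only; application permissions are listed separately by `Get-MgServicePrincipalAppRoleAssignment`.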


 

 

Testing Your Installation

Test the installation on a system with an Azure AD-compatible Workspot Client.

  • Exit and restart the Workspot Client to ensure that the Client has polled Workspot Control for the latest configuration.
  • You will be prompted to log in via a Microsoft login screen (similar to the one you used when enabling Azure AD).
  • Log in with valid Azure AD user credentials.
    • If successful, the Workspot Client will show your desktops and apps.
    • If you receive the error message, "Your token credentials were rejected by the Remote Desktop Gateway," your Workspot RD Gateway likely can't reach https://login.microsoft.com due to firewall restrictions.
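To narrow down the firewall case described above, the following added example (not part of the Workspot documentation) checks DNS, outbound TCP 443 and an HTTPS request to the sign-in host in separate stages. The function name `Test-AadEndpoint` is hypothetical; the host name is the one given in the requirements.

```powershell
# Added example: staged reachability check for the Azure AD sign-in host.
# Run it on the Workspot RD Gateway and on a client machine.
function Test-AadEndpoint {
    param(
        [string]$HostName = 'login.microsoft.com',  # host named in the requirements
        [int]$Port = 443
    )
    $result = [ordered]@{ Host = $HostName; Dns = $false; Tcp = $false; Https = $false; Detail = '' }

    # Stage 1: name resolution. A failure here points at DNS, not the firewall.
    try {
        $null = Resolve-DnsName -Name $HostName -ErrorAction Stop
        $result.Dns = $true
    } catch {
        $result.Detail = "DNS lookup failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # Stage 2: outbound TCP connection to port 443.
    $tcp = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    $result.Tcp = [bool]$tcp.TcpTestSucceeded
    if (-not $result.Tcp) {
        $result.Detail = "TCP $Port blocked or filtered"
        return [pscustomobject]$result
    }

    # Stage 3: full HTTPS request. Any HTTP status, even an error status, shows
    # that the TLS session was established end to end.
    try {
        $resp = Invoke-WebRequest -Uri "https://$HostName/" -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        $result.Https = $true
        $result.Detail = "HTTP $($resp.StatusCode)"
    } catch {
        if ($_.Exception.Response) {
            $result.Https = $true
            $result.Detail = "HTTP $([int]$_.Exception.Response.StatusCode)"
        } else {
            $result.Detail = "TLS/HTTP failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
}

Test-AadEndpoint | Format-List
```

The result reflects the network path and proxy settings of the account that runs it, so a pass in an interactive session does not by itself prove the gateway service has the same access.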

 

Event Log Messages

Workspot Control logs the initiation, success, or failure of the Azure AD setup process, as shown in the image below.

Note: If you close your browser partway through the process, subsequent log messages are not guaranteed.


1 reply

Azure Active Directory (Azure AD, AAD) permissions are described in this page under step 4.
