Active Directory Single Sign-On

In order to enable Windows SSO authentication for generated clients:

Update TSplus Remote Access to the latest version on a server joined to the domain.

Generate a client from the Client Generator, checking the "Enable Single Sign-On (SSO)" box in the "Security" tab.

Connect from a machine joined to the domain using the generated client.

SSO


Configuring Group Policy for Windows Single Sign-On (SSO) via Remote Desktop Client

From the domain controller: 1. Open the Group Policy Management Console. 2. Right-click on the Organizational Unit (OU) where the Group Policy Object (GPO) should be applied and select "Create a GPO in this domain, and Link it here...". 3. Name the GPO (e.g., SSORDSMYSERVER) and click "OK". 4. Right-click on the created policy and select "Edit". 5. Navigate to the following location: "Computer Configuration / Policies / Administrative Templates / System / Credentials Delegation." 6. Double-click on "Allow delegating default credentials" to open the settings. 7. Enable the setting and click "Show..." 8. In the Value field, enter the server(s) in the format TERMSRV/serverfullyqualifieddomain_name and click "OK". 9. Click "Apply" and "OK" to close the window. From the client machine: 10. Update group policies by running the following command as an administrator: gpupdate /force.