Single Sign-On

If your question is not addressed below, contact us through our support form and we will get back to you shortly.

Single Sign-On
faq What is Single Sign-on?
faq How do I set up Single Sign-On (SSO) for Remote Desktop?
faq How do I configure my Remote Desktop account for SSO?
faq How do I generate the SCIM provisioning token for SSO to sync contacts from IdP?
faq How do I enable SSO for users?
faq How do I edit an existing SSO profile?
faq Can I remove an SSO profile?
faq How do I configure the identity provider?
faq How does the user sign in to their SSO-enabled account?

What is Single Sign-on?

Single Sign-on (SSO) is a one-credential solution for signing into multiple applications. You can set up SSO with the identity provider (IdP) of your choice and enable users to access Remote Desktop using the IdP credentials, without another password to manage. It encourages stronger passwords and allows better credential management.

Note: Remote Desktop Admin will not be able to sign in using SSO.

How do I set up Single Sign-On (SSO) for Remote Desktop?

To set up SSO, you need to configure your identity provider and then configure your Remote Desktop account. Admin can configure SSO for users and enable their access to Remote Desktop by signing in to a central identity provider.

How do I configure my Remote Desktop account for SSO?

To configure SSO for your Remote Desktop account,

  1. Sign in to Remote Desktop via any browser.
  2. Navigate to 'My Account' > 'Single Sign-On'.
  3. Enter a name for your SSO profile.
  4. Enter the URLs and add the X.509 certificate received from your IdP.
    Note: X.509 certificate should only be in .pem or .cer format.
  5. Click 'Configure Single Sign-On'.
    SSO-img

How do I generate the SCIM provisioning token for SSO to sync contacts from IdP?

To generate a token for syncing contacts,

  1. Sign in to Remote Desktop via any browser.
  2. Click the profile displayed on the top-right corner and click 'My Account'.
  3. Navigate to 'Single Sign-On' > 'Sync users from your identity provider' and click 'Generate Token'. A token will be generated.
    SSO-img
  4. Click 'Copy Token' to copy and save it for future reference.
    SSO-img
  5. Use the token to sync contacts from Okta, OneLogin, and Azure AD.

How do I enable SSO for users?

You can either select SSO for sign-in while inviting users to create an account or enable SSO for existing users.

To invite SSO users,

  1. Sign in to Remote Desktop via any browser.
  2. Go to the 'User Management' tab and click 'Add User'.
  3. Enter the user email address in the 'Email Address' field.
  4. Tick the 'Enable SSO' checkbox.
    Note: If you select the checkbox, users won't have to set a password for their account.
  5. Click 'Invite'.

To enable SSO for existing users,

  1. Sign in to Remote Desktop via any browser and go to the 'User Management' tab.
  2. Hover on the user you want to edit and click .
  3. Select 'Enable SSO'.
  4. Click 'Update'.

How do I edit an existing SSO profile?

To edit an SSO profile,

  1. Sign in to Remote Desktop via any browser.
  2. Navigate to 'My Account' > 'Single Sign-On'.
  3. Click corresponding to the SSO profile you wish to edit.
  4. Edit as per your requirement and click 'Update Single Sign-On'.
    Note: You can edit the SSO name, Single Sign-On URL, IDP issuer URL, and X.509 Certificate, and add comments.

The SSO profile will be updated.

Can I remove an SSO profile?

Yes, you can remove an SSO profile from your account.

To remove an SSO profile,

  1. Sign in to Remote Desktop via any browser.
  2. Navigate to 'My Account' > 'Single Sign-On'.
  3. Click corresponding to the SSO profile you wish to delete.
  4. Click 'Delete' in the confirmation popup to remove the SSO profile.

Deleting the SSO profile will remove Single Sign-On for all users linked with this profile and they will have to use their registered email and password for sign-in.

How do I configure the identity provider?

Remote Desktop supports sign-in via credentials created using Standard Assertion Markup Language (SAML) 2.0. SAML URLs and certificate is needed for implementing SAML authentication, which can be obtained from any supported IdP.

Once you register with an IdP of your choice, you will receive the following:

  1. IdP Issuer URL: This URL uniquely identifies the application for which the Single Sign-On is being configured.
  2. Single Sign-On URL: This URL processes an authentication request from the user's browser and returns an authentication response to verify the user.
  3. X.509 certificate (Base64): An X.509 certificate is a security certificate that you receive from your identity provider to verify your identity. It comes in different formats, but Remote Desktop only accepts .pem or .cer format.

How does the user sign in to their SSO-enabled account?

To sign in to the Remote Desktop account via SSO, a user needs to,

  1. Click 'Single Sign-On (SSO)' on the sign-in screen.
  2. Enter 'Email Address' and click 'Sign in'. The user will be redirected to the IdP web sign-in page.
  3. Enter the username and password registered with the IdP, when prompted to enter credentials. On successful validation of user identity, the user will be redirected to the Remote Desktop account.