So for one of our customers we have moved one of their legacy application (non-web app) to azure and made it available through an RDgateway and azure application proxy. As descibed here: microsoft learn - application-proxy-integrate-with-remote-desktop-services.
This is working great but the problem is users have to login twice, once on the application proxy and once on the RDweb page. And we would really like to avoid this.
To describe the setup we have currently:
- We have azure active directory synced with AADDS (in azure)
- There are 4 virtual machines currenlty running in azure (all joined to the AADDS domain)
- 1 with the RDgateway, RDweb (RDwebclient, HTML5 client), RD licensing roles
- 1 with the RD session host role
- 1 With the azure application proxy extension
- 1 With the legacy application running
Currently when users login they once have to authenticate on the office365 page (the azure application proxy) with their azure active directory credentials, and once on the Rdweb page with their AADDS credentials. Since both are synced user have to fill in the same credentials twice. And we would like to make it only one login (with the azure active directory credentials).
We have tried using the password based SSO, as descibed here: microsoft learn - application-proxy-configure-single-sign-on-password-vaulting. But this requires the user to install the myapps extension in their browser, which is a big no-go for us.
Any ideas on how to get SSO between the RDweb page and azure application proxy to work?
Any help is appreciated!
