Access Portal RDP full SSO


Could you please create a full single-sign on option for RDP sessions through the Access Portal.
Users have to login in to the portal with AD MFA and then again for the RDP session. Why can't the portal logon be used for the RDP?
Many other vendors running the same underlying guacamole have had this feature for years.
Would be awesome if Watchguard also implemented this.

Thanks in advance!


  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @IHCS
    This is possible, but a different profile needs to be made for each user to do this. Windows expects the signon to occur during the connection when NLA is in use.

    -James Carson
    WatchGuard Customer Support

  • Hi James,
    Sounds good, talked to another wg representative recently who wasn't sure that was possible. Glad your saying it is.
    Do you have any documentation on this setup? All I could find is a statement that SAML SSO only works for HTML connections not the RDP/SSH ones, which are actually opened in a new HTML window...
    The HTML5 RDP session is HTML...

    'For the Access Portal, SAML SSO applies only to web applications. You cannot use SAML SSO for RDP or SSH connections in the Access Portal.

    Either way, can't really find a clear path to use SSO for the Access Portal and the RDP's using the same token.

    If you do, that would be awesome!


  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @IHCS

    You'll need to specify resources by user, and make an RDP application for each user, assigning each to their specific user:

    This is a requirement of NLA -- if NLA is turned off you can have the users specify their username/password once they've connected on the normal windows logon screen.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.