Is your feature request related to a problem? Please describe.
For Windows VMs we often join them to Microsoft AAD/Entra and enforce SSO with people's user accounts instead of local users. On a Mac this is achieved using the enablerdsaadauth RDP parameter.
Achieving this without Boundary on a Mac can be done with the following RDP URI:
open -W -u 'rdp://full%20address=s%3A{{my_azure_ad_joined_machine}}%3A3389&enablerdsaadauth=i%3A1'
Result
Providing the username= param will pre-populate and jump straight through to SSO.
Describe the solution you'd like
I'm unsure if feasible, but a credential store or the ability to pass through additional RDP parameters enabling enablerdsaadauth would be what is needed.
Describe alternatives you've considered
As expected, doing the following just ignores the extra param and prompts for username/password:
boundary connect -exec open -target-id ttcp_oaKprXtMlf -- -n -W rdp://full%20address=s={{boundary.addr}}&enablerdsaadauth=i%3A1
Explain any additional use-cases
I've not tested the experience on a Windows client, nor have I explored AAD login to Linux boxes.
Additional context
Boundary is awesome for our Linux machines, but for AAD Joined machines it's a no-go for us until a solution like this works.
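The URI form used in the commands above, as an added example that is not part of the original issue and is not Boundary or Microsoft code: Python helpers that build the rdp:// URI, check that enablerdsaadauth is set before launching, and quote the URI as a single shell argument for open. The host name, user name and function names are constructed for illustration, and percent-decoding of the username value by the client is an assumption.

```python
import shlex
from urllib.parse import quote, unquote


def rdp_uri(host, port=3389, aad_auth=True, username=None):
    """Build an rdp:// URI in the name=type:value form shown in the issue."""
    attrs = [("full address", "s", f"{host}:{port}")]
    if aad_auth:
        attrs.append(("enablerdsaadauth", "i", "1"))
    if username:
        # Assumption: the client percent-decodes values such as '@' in a UPN.
        attrs.append(("username", "s", username))
    # Encode every reserved character, so ':' becomes %3A and ' ' becomes %20.
    return "rdp://" + "&".join(
        f"{quote(n, safe='')}={t}%3A{quote(v, safe='')}" for n, t, v in attrs
    )


def parse_rdp_uri(uri):
    """Decode an rdp:// URI into {name: (type, value)}; raise on malformed parts."""
    if not uri.startswith("rdp://"):
        raise ValueError("not an rdp:// URI")
    attrs = {}
    for part in uri[len("rdp://"):].split("&"):
        name, eq, typed = part.partition("=")
        typ, colon, value = unquote(typed).partition(":")
        if not eq or not colon or typ not in ("s", "i"):
            raise ValueError(f"malformed attribute: {part!r}")
        if typ == "i" and not value.isdigit():
            raise ValueError(f"non-integer value: {part!r}")
        attrs[unquote(name).lower()] = (typ, value)
    return attrs


def aad_auth_enabled(uri):
    """True only if the URI explicitly sets enablerdsaadauth=i:1."""
    return parse_rdp_uri(uri).get("enablerdsaadauth") == ("i", "1")


def open_command(uri):
    """macOS `open` command line with the URI quoted as a single shell word."""
    return "open -W -u " + shlex.quote(uri)


if __name__ == "__main__":
    uri = rdp_uri("vm01.example.internal", username="alice@example.com")  # constructed
    assert aad_auth_enabled(uri)
    print(open_command(uri))
```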