Configure TruGrid Secure RDP to Authenticate against Entra ID

If you would like to use On-Premises AD to authenticate users, please refer to this article.

Connecting a TruGrid domain to Entra ID allows ADMINS and USERS to authenticate against Entra ID instead of traditional Active Directory. Support for Entra ID requires the use of TruGrid Web Connector, TruGrid Windows Connector, TruGrid Mac Connector, or TruGrid Mobile for iOS. TruGrid Mobile for Android currently not supported.

Important Notes
If you wish to connect your TruGrid account to Active Directory and Entra ID, please follow our guide for Hybrid AD setup
In a non-hybrid setup, authenticating against Entra ID for SecureRDP login requires that your RDP hosts, which can be located anywhere, have TruGrid SecureConnect installed
Once a TruGrid domain is connected to Entra ID, end user logins will use existing MFA already configured for the account in Entra ID

High-Level Setup Steps

Login to your Entra ID portal ( portal.azure.com) as an ADMIN. Create and populate TG-USERS group with users
Login to the TruGrid portal. Find the domain you would like to connect, then click CONNECT TO ENTRA ID and complete the consent for the organization
Login to the TruGrid Windows Connector with an Entra ID account with ADMIN rights and complete the consent for all users

Detailed Step-by-Step Configuration

For the Entra ID domain to connect to TruGrid, login to portal.azure.com
A. Open Azure Active Directory
B. Navigate to GROUPS and create a group called TG-USERS.
C. Add users to the TG-USERS group in Entra ID. ( Note: Make sure each user is set as a MEMBER user type. If a user is not reporting in, this could be why)



Login to TruGrid Portal - trugrid.net
A. Find the domain you would like to connect to Entra ID. The domain must already be validated within TruGrid



B. Under DOMAIN MANAGEMENT, click CONNECT TO ENTRA ID and login with your Entra ID ADMIN account that is authorized to create Enterprise Apps. Entra ID Global Admin has the proper permissions



C. After providing login, click the CONSENT check box and click ACCEPT to approve the connection for the organization



D. The TruGrid domain is now connected to Entra ID



E. While still logged into the TruGrid portal as an ADMIN, navigate to the SUBSCRIPTION page and add licenses to the new domain
F. Next, install TruGrid SecureConnect on RDP / RDS hosts. See image in step D above for where to locate SecureConnect Activation Code
G. From the TruGrid portal, navigate to the RESOURCE ASSIGNMENT page and assign desktops to users. Click the Refresh data from AD button if nothing shows up

Login to TruGrid Connector and consent for all users
A. Login to TruGrid Web or Windows Connector with an Entra ID ADMIN account



B. Select CONSENT and then ACCEPT to approve the use of Entra ID login for all users



C. You may now connect to assigned RDP / RDS hosts. End users can now login to TruGrid Web or Windows Connector with their Entra ID login



Note: Logins to the RDP / RDS hosts may require a separate login, especially if not joined to the same Entra ID or Active Directory. Please supply the proper login and use the REMEMBER ME option to save the password for future login.

Please see this guide to learn how to disconnect TruGrid from Entra ID

Please see this guide to learn how to manage MFA prompts in Azure

Updated on: 26/02/2025