Configure TruGrid Secure RDP to Authenticate against Azure AD

If you would like to use On-Premise AD to authenticate users, please refer to this article.

Connecting a TruGrid domain to Azure AD (Active Directory) allows ADMINS and USERS to authenticate against Azure AD instead of traditional Active Directory. Support for Azure AD applies to using the TruGrid web portal and Windows native connector. Mac and mobile connectors are not currently supported with Azure AD.

Important Notes
A domain cannot be configured to authenticate against traditional Active Directory and Azure AD at the same time. Only one authentication source is allowed per domain. If you need a domain reset so you can switch authentication methods and set it up again, please contact us on live chat and we can help you get it reset.
Authenticating against Azure AD for SecureRDP login requires that your RDP hosts, which can be located anywhere, have TruGrid SecureConnect installed
Once a TruGrid domain is connected to Azure AD, end user logins will use existing MFA already configured for the account in Azure AD

High-Level Setup Steps
Login to your Azure AD portal (portal.azure.com) as an ADMIN. Create and populate TG-USERS group with users
Login to the TruGrid portal. Find the domain you would like to connect, then click CONNECT TO AZURE AD and complete the consent for the organization
Login to the TruGrid Windows Connector with an Azure AD account with ADMIN rights and complete the consent for all users

Detailed Step-by-Step Configuration

For the Azure AD domain to connect to TruGrid, login to portal.azure.com
A. Open Azure Active Directory
B. Navigate to GROUPS and create a group called TG-USERS. A TG-USERS group synchronized via Azure AD Connect to on-premise AD may work but has not been tested
C. Add users to the TG-USERS group in Azure AD. (Note: Make sure each user is set as a Member user type. If a user is not reporting in, this could be why)

Create and populate TG-USERS group with users

Login to TruGrid Portal - trugrid.net
A. Find the domain you would like to connect to Azure AD. The domain must already be validated within TruGrid and not currently connected to an on-premise AD



B. Click CONNECT TO AZURE AD and login with your Azure AD ADMIN account that is authorized to create Enterprise Apps. Azure AD Global Admin has the proper permissions

Click CONNECT TO AZURE AD

C. After providing login, click the CONSENT check box and click ACCEPT to approve the connection for the organization

Click CONSENT and ACCEPT to approve the connection to Azure AD

D. The TruGrid domain is now connected to Azure AD

TruGrid Domain Connected to Azure AD

E. While still logged into the TruGrid portal as an ADMIN, navigate to the SUBSCRIPTION page and add licenses to the new domain
F. Next, install TruGrid SecureConnect on RDP / RDS hosts. See image in step D above for where to locate SecureConnect Activation Code
G. From the TruGrid portal, navigate to the RESOURCE ASSIGNMENT page and assign desktops to users. Click the Refresh data from AD button if nothing shows up

Login to TruGrid Connector and consent for all users
A. Login to TruGrid Web or Windows Connector with an Azure AD ADMIN account

Login to TruGrid Connector with an Azure AD ADMIN account

B. Select CONSENT and then ACCEPT to approve the use of Azure AD login for all users

Click CONSENT and ACCEPT on behalf for all users

C. You may now connect to assigned RDP / RDS hosts. End users can now login to TruGrid Web or Windows Connector with their Azure AD login

Connect to assigned RDP / RDS host

Note: Logins to the RDP / RDS hosts may require a separate login, especially if not joined to the same Azure AD or Active Directory. Please supply the proper login and use the REMEMBER ME option to save the password for future login.

Please see this guide to learn how to disconnect TruGrid from Azure AD

Please see this guide to learn how to manage MFA prompts in Azure
Was this article helpful?
Cancel
Thank you!