Remote Desktop

Frequently Asked Questions on Remote Desktop Access

Single Sign-on

If your question is not addressed below, please contact us through our support form and we'll get back to you shortly.
faq What is Single Sign-on?
faq How do I set up single sign-on (SSO) with Remote Desktop?
faq How do I configure my Remote Desktop account for SSO?
faq How do I generate the SCIM provisioning token for SSO to sync contacts from IdP?
faq How do I enable SSO for my users?
faq Is it possible to delete a SSO profile?
faq How can I disable SSO for a user?
faq Can I configure my own identity provider for SSO?
faq Can I login via SSO from my computers and mobile devices?
faq How do I sign in to my SSO enabled account from the desktop?

What is Single Sign-on?

Single Sign-on (SSO) is a one-step user authentication process. If you are the admin of a Premium or Corporate plan account, you can set up SSO with the identity providers (IdP) of your choice. Your users can access Remote Desktop using the IdP credentials without another password to manage.

Note: Remote Desktop account owners will not be able to sign in using SSO.

How do I set up single sign-on (SSO) with Remote Desktop?

Admin of a Premium or Corporate plan account can configure SSO to access Remote Desktop by signing in to a central identity provider. To set up SSO, you need to configure your identity provider and then configure your Remote Desktop account.

How do I configure my Remote Desktop account for SSO?

To set up SSO for your Remote Desktop account,

  1. Log in to Remote Desktop via web browser.
  2. Click the username and click 'My Account'.
  3. Click 'Single Sign-On'.
  4. Enter a name for your SSO profile.
  5. Enter the URLs and add the X.509 certificate received from your IdP.
    Note: X.509 certificate should only be in .pem or .cer format.
  6. Click 'Configure Single Sign-On'.
    Remote Desktop

You will receive an email when SSO is enabled.

How do I generate the SCIM provisioning token for SSO to sync contacts from IdP?

To generate a token for syncing contacts,

  1. Log in to Remote Desktop via web browser.
  2. Click the username and click 'My Account'.
  3. Navigate to the 'Single Sign-On' tab and click the 'Generate Token' button under 'Sync users from your identity provider' to generate a token.
  4. Click the 'Copy Token' button to copy and save the token for future reference.
    Remote Desktop

How do I enable SSO for my users?

Admin of Premium or Corporate plan accounts can either select SSO for login while inviting users to create an account or enable SSO for existing users.

To invite SSO users,

  1. Log in to Remote Desktop via web browser.
  2. Go to the 'Users' tab and click 'Add User'.
  3. Enter the user email address in the 'Email Address' field.
  4. Select group and other preferences for the user.
  5. Select 'Enable SSO'.
    Remote Desktop
    Note: If you select the checkbox, users won't have to set a password for their account.
  6. Click 'Invite User'.

To enable SSO for existing users,

  1. Log in to Remote Desktop via web browser and go to the 'User Management' tab.
  2. Hover on the user you want to edit and click Remote Desktop.
  3. Select 'Enable SSO'.
  4. Click 'Save'.

Is it possible to delete a SSO profile?

Yes, admins can remove a SSO profile from their account.

To remove SSO profile,

  1. Log in to Remote Desktop via web browser.
  2. Click the username and click 'My Account'.
  3. Click 'Single Sign-On'.
  4. Click Remote Desktop corresponding to the SSO profile you wish to delete.
  5. Click 'Delete' in the confirmation popup to remove the SSO profile.

Deleting the SSO profile will remove Single Sign-On for all users linked with this profile and they will have to use their registered email and password for login.

How can I disable SSO for a user?

To disable SSO for a user,

  1. Log in to Remote Desktop via web browser and go to the 'User Management' tab.
  2. Hover on the user you want to edit and click Remote Desktop.
  3. Deselect the 'Enable SSO' checkbox.
  4. Click 'Save'.

In case you disable single sign-on for a user, they will need to set a new password for their account. Once done, the user must use their email address and new password to login.

Can I configure my own identity provider for SSO?

Yes, you can configure your own identity provider for SSO along with a set of parameters as described below:

  • Remote Desktop uses SAML2 with the HTTP Redirect binding for Remote Desktop to IdP and expects the HTTP Post binding for IdP to Remote Desktop.
  • While configuring with SAML, use the following URLs and save the changes.
    1. Single sign on URL:
      https://sso.remotedesktop.com/rpcnew/sso/process
    2. Audience URL (SP Entity ID):
      https://sso.remotedesktop.com/rpcnew/sso/metadata
  • Your identity provider may ask if you want to sign the SAML assertion, the SAML response, or both.

Can I login via SSO from my computers and mobile devices?

All computers and mobile devices that are currently linked to Remote Desktop accounts will continue to work as usual. However, if users need to login via an already configured or new device, they'll need the latest versions* of the desktop application and mobile app in order for single sign-on to work. If they haven't signed in to your identity provider, they'll be automatically redirected to the IdP on login.

Remote Desktop

*Note: SSO is supported for Remote Desktop Windows application version 7.6.31 and higher / and Mac application version 7.6.23 and higher / and iOS app version 7.6.26 and higher / and Android app version 4.2.3 and higher.

How do I sign in to my SSO enabled account from the desktop?

To sign in to SSO enabled account via desktop,

  1. Click 'Single Sign-On (SSO)' on the login screen.
  2. Enter 'Email Address' and click 'Login'. You will be redirected to IdP web sign in page.
  3. Enter the username and password registered with IdP, when prompted to enter credentials.

Upon successful validation of user identity, you will be prompted to go back to the desktop application and you can now continue using your Remote Desktop account.