Forum / Devolutions Password Server - Support

Setting up Integrated Authentication

  • Create an Issue
  • Cancel

Hi Guys

I dont really find a nice step-by-step guide for setting up Integrated Auth.
What I wanna achieve:
Have some AD security groups. Then I add these rules as roles in RDMS. In RDMS I add groups to set permissions on connections/etc.
However when I manually add AD users to RDMS and set permisions according to RDMS groups it all works fine. But when I only attach the role to the group I can login with the user but it tells me i dont have any permissions.

I already added my AD security group as security prinipal in SQL instance and RDMS database. I am able to login with all user in the AD security group with MS SQL Server management Studio. What else will I have to set up?

Best regards
Ramon

Clock6 yrs

Hi,

Could you click on File -> My Data Source Information and send us the information. You will see a little envelope at the top left of the window.

Please send us this information from the user that you received the permissions error.

Regards,



Jeff Dagenais

signaturesignature

Clock6 yrs

Hi Jean

how can I click on My Data Source if i am not able to log in properly?

Clock6 yrs

Hi,

Could you post a print screen of the error ?

Regards,



Jeff Dagenais

signaturesignature

Clock6 yrs

Ofcourse here we go:
https://imageshack.com/i/idD82cP5p
Thats all I get. With manual added AD users login and access works fine.

Clock6 yrs

Jean-François Dagenais wrote:

Hi,

Could you post a print screen of the error ?

Regards,


Any ideas? Would really wanna make sure this is working. Otherwise it doesnt make sense to spend 1,500$ yearly. Please let me know.

Clock6 yrs

Hi,

Did you add one or more roles to the user? Is the user is member of one of your AD Group?

Our security groups are container for sessions, not people. Each folder gets sessions that have the same security requirements. You then assign each users\roles the permission they need across the security groups.

Regards,



Jeff Dagenais

signaturesignature

Clock6 yrs

Okay let's start from the scratch:
I have two AD Groups:
Users and Admins
These groups contain my users I want to permit to use RDM.

I added these AD groups as roles in RDMS.
Then i created two security groups:
Users and Admins
These I assign my Customer container.

In the roles I configure that users with that role will have access to this security groups.

Tell me if I am all wrong here.

When I create a user manually by using active directory and add it to that security group access works all fine!
Just when I only add the role/AD group and match it to the security groups it gives me this error.

Clock6 yrs

Hi,

The security groups are container for sessions. The roles are assigned to users, not to security groups.

If you have a few minutes, I suggest you to watch the RDM Security Group Management on our website
http://remotedesktopmanager.com/Support/Video

Best regards,



Jeff Dagenais

signaturesignature

Clock6 yrs

This is absolutly not what I am trying to setup. Whats the point of having active directory if I have to add every user manually to RDM?

I want to achieve the following: Having two security groups IN ACTIVE DIRECTORY. Either when they are in one group called admins - they will be able to log in to RDM and be admins.

Or they are in the group called users and they will be able to log in to RDM but only see the sessions they have permissions to this.

Let me know if this is possible. If not I can stop the evaluation at this point.

Clock6 yrs

Hi,
Yes it's possible.

User in RDM are mapped to a user in AD
Security group in RDM are linked to sessions and are assigned to a user or a role
Role in RDM are mapped to an AD Group (which you seem to call security group)

So all you need to do is to create two roles in RDM with the exact AD name for the group you want. Assign the security groups to those roles. Make sure in the RDMS console that the auto create user is checked. This will add as they connect the user to RDMS and will map the assigned roles based on the AD group.

Our Business Architect is currently on vacation but he will be back next week. Perhaps we could setup a small demo if you want?

David Hervieux

signaturesignature

Clock6 yrs

Ahhhh now I get the feature of the auto create. I thought this was to auto create users in AD there I didnt tick that. So the auto creat only creates users inside RDM?

Clock6 yrs

Yes exactly. I think we should change the label. We need the user in the RDMS database to link it to the logs, store the user specific settings and link the todos.

David Hervieux

signaturesignature

Clock6 yrs

Thanks alot. Was only that tick. Runs as expected now. Just need to buy a license now smile

Clock6 yrs

Great! We can still schedule a small demo if you want. you could learn some good practices. By the way I've just changed the label for Auto create domain users IN DATABASE

David Hervieux

signaturesignature

Clock6 yrs

Hello,

I'm back in full force, you can use the http://remotedesktopmanager.com/Home/RequestDemo link to... well... request a demo wink



Maurice Côté

signaturesignature

Clock6 yrs

You can secure access to your portal using Integrated Windows Authentication (IWA). When you use IWA, logins are managed through Microsoft Windows Active Directory. Users do not sign in and out of the portal website; instead, when they open the website they are signed in using the same accounts they used to log in to Windows.


Regards,
edited by dhervieux on 8/16/2014

Clock6 yrs