You can configure realms to use Windows desktop SSO in any of the following ways:
- SecureAuth IdP version 9.1 or and later
- SecureAuth IdP realm or integrated application with the following configured:
Microsoft Active Directory in use and integrated with SecureAuth IdP
- Set up custom identity SPN to leverage Integrated Windows Authentication (IWA)
- Go to the Workflow tab.
In the Workflow section, set the following:
Borderless_tables Default Workflow
Set to Username only.
UI Text Box size medium type note
To configure two-factor authentication (2FA), select Username | Second Factor.
Public/Private Mode Set to Public Mode Only.
In the Custom Identity Consumer section, set the following:
Borderless_tables Receive Token Set to Token. Require Begin Site Set to True. Begin Site
Use any of the following options:
- To include MFA and adaptive authentication in login workflow, set to Windows SSO. This method adds the Device Recognition layer, and is more secure.
- To skip the login workflow and go directly to the Post Authentication page, set to Windows SSO (skip workflow). This method does not include MFA, adaptive authentication, and increases performance.
Begin Site URL Depending on the Begin Site selection, this field is auto-populated with WindowsSSO.aspx or WindowsSSO2.aspx. User Impersonation Set to True. Windows Authentication Set to True.
- Click Save.