RDP SSO Server

(Versions 7.5.2+, Enterprise+SSO)

RDP SSO Server allows users to access privileged machines through the standard Remote Desktop Connection client without sharing the username or password with the end user.

Note: An Enterprise+SSO license is required. Contact Us if you would like a trial license for testing purposes.

This page describes the steps needed to set up and use the RDP SSO functionality of Pleasant Password Server. In this scenario, we will assume that we want to connect to a computer called rdp1.

Document Sections:

1. Encryption Requirements

Encryption Levels: RDP SSO attempts to use the highest level of encryption available when building the connections.

2. RDP SSO Setup

Enable RDP SSO

The RDP SSO Service must be enabled on the machine hosting Password Server.
To start the RDP SSO process:

  1. Navigate to the SSO Server > SSO Server Status window
  2. Toggle the RDP SSO Server toggle to ON
    • The machine hosting the Password Server may open a popup asking for firewall access
    • Grant the RDP SSO server access to listen on port 7070


Configure RDP SSO Server

The RDP SSO Settings can be found on the SSO Server > SSO Settings page.

The RDP-relevant fields under the Password SSO section are:

Separate Permissions for RDP SSO (Optional)

By default, Access Levels allow SSO functions. However, you may wish to create an SSO Access Level to keep the permissions separate.

This Access Level (below) will allow an end user to Launch RDP SSO without having access to the Computer, Username, or Password. It illustrates the minimum access required to use SSO. If desired, you can add additional permissions.

In this configuration, the user will not have access to any information about the credential.

SSO Only Access Level

3. Create an RDP SSO Login

Confirm Access Credentials

  1. From the Password Server computer, Run > Remote Desktop Connection.
  2. Enter the Computer (i.e. rdp1), User name, and Password to confirm that the credentials you are using to connect to the remote server are valid and that the remote server is active.

Add a Connection Credential

This is the information that RDP SSO will use when logging in to the remote server.

  1. Log in to the Password Server Web Client using your username/password (by default, https://localhost:10001/)
  2. Navigate to the Home tab > Add or select a Folder > Select the Add Entry button and enter values:
    • Title: (e.g. Remote Machine 1)
      Credential Details
    • Username: (e.g. rdpuser)
      • The domain (if applicable) must be specified in either the Username or URL
      • Formats:
        • username
        • fullyQualifiedDomainName\username
        • username@fullyQualifiedDomainName
    • Password: (e.g. rdppass)
    • Url: (e.g. MyDomain.local\rdp1)
      • The domain (if applicable) must be specified in either the Username or URL
      • Formats:
        • IP Address
          • Must include domain name in the username
        • fully qualified hostname (e.g. rdpserver.mydomain.local)
        • hostname
          • Must include domain name in the username
        • :<port number> can be appended to any of the above formats if the RDP port has been changed on the target (e.g. rdpserver.mydomain.local:9000)
    • Any additional fields can also be included.
  3. Click Save.
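
The Username and Url format rules above can be checked before an entry is saved. The following is an added example, not code from Pleasant Password Server: the function names are hypothetical, and it assumes that a `domain\` prefix in the Url (as in MyDomain.local\rdp1) counts as specifying the domain and that IP addresses are IPv4.

```python
import ipaddress
import re

# Constructed validator: it encodes this page's Username/Url format rules only.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def username_has_domain(username):
    """True for domain\\username or username@domain."""
    if "\\" in username:
        domain, _, user = username.partition("\\")
    else:
        user, _, domain = username.rpartition("@")
    return bool(domain and user)

def parse_url(url):
    """Split the Url field into (domain_prefix, host, port, kind)."""
    # Assumption: a "domain\" prefix is allowed, as in the page's MyDomain.local\rdp1.
    domain, _, rest = url.strip().rpartition("\\")
    host, port = rest, None
    if ":" in rest:  # optional :<port number> (IPv6 literals are not handled)
        host, _, port_text = rest.rpartition(":")
        if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
            raise ValueError(f"invalid port in Url {url!r}")
        port = int(port_text)
    if re.fullmatch(r"[0-9.]+", host):
        ipaddress.IPv4Address(host)  # raises ValueError if not a valid address
        kind = "ip"
    elif HOST_RE.fullmatch(host):
        kind = "fqdn" if "." in host else "hostname"
    else:
        raise ValueError(f"invalid host in Url {url!r}")
    return domain, host, port, kind

def check_entry(username, url):
    """Return a list of findings; an empty list means the entry fits the rules."""
    try:
        domain, host, port, kind = parse_url(url)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if kind in ("ip", "hostname") and not domain and not username_has_domain(username):
        findings.append(f"Url is a bare {kind}: no domain in Username or Url")
    return findings

if __name__ == "__main__":
    samples = [("rdpuser", r"MyDomain.local\rdp1"), ("rdpuser", "10.0.0.5"),
               ("rdpuser@mydomain.local", "rdp1:9000")]  # constructed entries
    for username, url in samples:
        print(username, url, check_entry(username, url) or "ok")
```

A finding for a bare IP address or hostname only matters for domain accounts, since the page requires the domain only "if applicable".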

Use RDP SSO Client

1. Install the RDP SSO Client

Before connecting to the RDP SSO Server, the end user must first download and install the SSO Root Certificate and the Pleasant RDP SSO Client.

Both downloads are on the SSO Server Status window, which the end user can view as long as they have an Access Level permission with Use Via SSO enabled.

Both files can be installed with the defaults selected.

Install SSO Root Certificate

Certificate

RDP SSO Client Download

2. Launch RDP SSO

Once the certificate and client are installed, the end user can navigate to a credential and select Actions > Launch RDP SSO to open a remote desktop session immediately.

Note: the user must have an Access Level with Use Via SSO enabled for the credential.

The first time Launch RDP SSO is selected from a particular browser...

Launch RDP SSO

You will see a popup asking if you would like to allow the RdpProxy application to open the URL:

Open RDP Popup


Once allowed, the client will launch and Remote Desktop Connection will open automatically, connecting to the target machine via the RDP SSO Server.

RDP Connection

Note: Using RDP SSO Server is much slower than a standard RDP connection. Usability and latency issues will be improved upon in future releases.