Active Directory Single Sign-On

In order to enable Windows SSO authentication for generated clients:

Update TSplus Remote Access to the latest version on a server joined to the domain.

Generate a client from the Client Generator, checking the “Enable Single Sign-On (SSO)” box in the “Security” tab.

Connect from a machine joined to the domain using the generated client.

Configuring Group Policy for Windows Single Sign-On (SSO) via Remote Desktop Client

From the domain controller:

1. Open the Group Policy Management Console.
2. Right-click on the Organizational Unit (OU) where the Group Policy Object (GPO) should be applied and select “Create a GPO in this domain, and Link it here…”.
3. Name the GPO (e.g., SSO_RDS_MY_SERVER) and click “OK”.
4. Right-click on the created policy and select “Edit”.
5. Navigate to the following location: “Computer Configuration / Policies / Administrative Templates / System / Credentials Delegation.”
6. Double-click on “Allow delegating default credentials” to open the settings.
7. Enable the setting and click “Show…”
8. In the Value field, enter the server(s) in the format TERMSRV/server_fully_qualified_domain_name and click “OK”.
9. Click “Apply” and “OK” to close the window. From the client machine:
10. Update group policies by running the following command as an administrator: gpupdate /force.