Federated Authentication Overview
Federated User Authentication enables organizations to use their own Identity Provider (IDP) as the source to verify the identity and to authenticate a user before permitting them to select a remote workstation. Once the desired workstation is selected, the user needs to provide the username and password to authenticate at the remote workstation.
Federated Authentication with Single Sign-On (SSO)
Single Sign-On is a feature that lets you authenticate with the IDP up to the point of selecting your desktop from the list of workstations, so that you do not need to authenticate again to log in. If you are interested in this functionality, please discuss it with your HP account representative.
To use the Federated Authentication Functionality, you must meet the following criteria:
- Access to Anyware Manager as a Service
- HP PCoIP Client version 23.01.0 or later
- An Identity Provider that supports OAuth2
- Ubuntu Connector v147 or later with access to an Identity Provider (Currently not supported in Anyware Connector-RHEL/Rocky Linux)
- Anyware Connector-RHEL/Rocky Linux 23.06 or later
Post Configuration User Workflow
After completing the Federated Authentication configuration, the user workflow will be as follows:
- The user opens the PCoIP Client and selects a Connector or a broker from the list of connections.
- The default web browser opens to a login page for the respective Identity Provider for user authentication.
- The user gets a list of remote desktops or pools to select.
- The user gets prompted within the client to authenticate. This credential is used to log the user into the desktop itself.
- The PCoIP Session is initiated with the remote desktop.
Federated Authentication Workflow
When you connect to a remote desktop using a PCoIP client earlier than 23.01 or a zero client, and Federated Authentication has been configured, there is one of two possible outcomes:
- Multi-Factor Authentication is not configured at the connector: The PCoIP client is unable to proceed and may produce an error or warning.
- Multi-Factor Authentication is configured at the connector: The system asks for a username/password and prompts for an MFA token for authentication.