Single Sign-On Overview
Federated User Authentication enables organizations to use their own Identity Provider (IdP) as the source to verify a user's identity and authenticate the user before permitting them to select a remote workstation. With Single Sign-On configured, the user does not need to authenticate again and connects directly to the remote workstation once the desired workstation is selected.
Federated Authentication with Single Sign-On (SSO)
Single Sign-On is a feature that lets you authenticate through the IdP up to the point of selecting your desktop from the list of workstations, so you do not need to authenticate again to log in.
Prerequisites
To use the Federated Authentication Functionality, you must meet the following criteria:
- CMSG 23.04 or later
- HP PCoIP Client version 23.01.0 or later
- HP PCoIP Windows Agent 23.01.0 or later (SSO is not supported on Linux or macOS)
- An Identity Provider that supports OAuth2
- A custom or third-party broker that supports Federated User Authentication using the PCoIP Broker Protocol
Next Steps
To configure Single Sign-On successfully, follow the steps below in order:
- Configure a third-party IDP.
Configuring IDP for Single Sign-On
Before you start preparing for Single Sign-On, ensure that you configure an IDP to enable Federated Authentication.
- For more information on Okta IDP configuration, see Configuring Okta IDP.
- For more information on Azure Active Directory configuration, see Configuring Azure Active Directory.