Forum Discussion

aferino
Active Contributor
4 years ago

Allow Access to computers with Azure Active Directory credentials

We have a lot of remote computers that we join to our Azure Active Directory tenant for single sign-on. It would be very helpful if we could access those computers with AAD credentials that would have admin access to those devices in the same way we can with on-prem domain joined computers.

  • MNLLC
    New Contributor

    In order to authenticate LogMeIn with an Azure AD joined machine, you have to put the credentials in as follows:

    azuread\username*

    password = Office 365\Azure AD Password

    *The username is NOT the email address, but whatever the local account profile name is. For instance, if your email was joe.smith@whereever.com, usually your local account on the computer would be joesmith, so your username syntax would go like this: azuread\joesmith, and the password would be the user's Office 365 password.

  • Try putting azuread\ in front of the user name, as in: azuread\firstlast@mycompany.com

  • Ralph6
    New Contributor

    In the Azure Active Directory admin center, go to Azure Active Directory, choose Devices and then Device settings. Verify Users may join devices to Azure AD is enabled. To enable all users, set to All.

    • aferino
      Active Contributor

      Ralph, that doesn't have anything to do with the problem I described. The devices are already joined to AAD. But you can't use an AAD credential to access a machine remotely with LMI Central, even if that account would have local admin access if you were at that computer directly.

    • AshC
      Retired GoTo Contributor

      You can use Azure AD for SSO login into the product, but currently the host logins don't work when Windows would need to authenticate against an Azure domain. The login page would redirect to the federated authentication page, so it recognizes the domain and forwards the user there.

      • aferino
        Active Contributor

        Ash, I wouldn't actually mind the redirect on the remote connection side. It would be worth it to be able to completely disable the built-in Administrator account on those machines. I wouldn't even mind if you didn't get the credential passthrough as long as my AAD account can get access to the machines.