Hey Folks, it would be a great feature if you could integrate the Azure MFA to HTML5 Gateway and Client. Regards Stefan
Hi, Azure AD SSO is possible today by using Azure as an IdP and use Parallels RAS SAML SSO configuration. One can also add conditional access to the AAD which is used as an IdP. Please see page 6 https://download.parallels.com/ras/v19/docs/en_US/Parallels-RAS-19-SAML-SSO-Examples.pdf
When using Azure as an IdP I also must have Windows PKI an RAS Enrollment Server in place? Or is there a way without PKI (and Enrollment Server)?
Hi, If you are trying to use Azure SAML, it is impossible without the Enrolment server and CA. Please follow the below instructions: Setting up Windows Server side to comply RAS SAML pre-requisites (parallels.com) Setting up Parallels RAS to work with Azure Identity Provider over SAML If you want to implement Azure MFA, you have to set radius and NPS server and install Microsoft NPS extension: Use Microsoft Entra multifactor authentication with NPS - Microsoft Entra | Microsoft Learn
We would also like to request, that it should be possible to use SAML without the Enrollment Server, as we do not want to have am AD CA in our domains. Way to risky, MS CA is .
It's possible* in RAS 19.4 with authentication type "Web + Credentilas": SAML Authentication without ES or CA *) At least it's partial possible as long as you only use Windows based clients: Authentication types in Parallels RAS Client
Thank you, that is exactly what I'm looking for! But it would be very important, to add the remaining types. Most important would be: Web macOS Linux iOS/iPadOS
Especialy for "Web" there should not be that much magic involved looking at this workaround for Citrix Netscaler: NetScaler - How to get rid of SSO / missing PRT Issues using Entra ID Phone Sign-in
