Configure an older Active Directory Interactive (with MFA Support) version with Remote Desktop Manager

This topic is for Remote Desktop Manager versions lower than 2022.1. If you are using 2022.1 and higher please follow Configure Remote Desktop Manager Active Directory Interactive (with MFA support) instead.

Active Directory Interactive (with MFA Support) lets you authenticate to your Microsoft Azure SQL data source with your Office 365 account and MFA.

For Azure AD authentication, download and install the Microsoft Active Directory Authentication Library for Microsoft SQL Server on every client computer.

When creating SQL Active Directory users, you must be logged in with an Azure Active Directory user. Otherwise the operation fails and you are notified of the error.

Use the server's defined Azure Active Directory Admin to create your first Remote Desktop Manager admin user. Once it is created, you can use this new account to create other users.

Settings


  1. Select Active Directory Interactive (with MFA Support) from the Login mode drop-down menu.
  2. You can specify how you want Remote Desktop Manager to interact with Azure AD during the authentication.
     OPTION                        DESCRIPTION
     Default                       This is the default mode. The user will be prompted for credentials even if a token that meets the requirements is already in the cache.
     Automatic                     Azure AD will prompt the user for credentials only when necessary. If a token that meets the requirements is already cached, the user will not be prompted.
     (Shared in older versions)

With Azure AD joined (registered) devices, Azure AD may or may not prompt for MFA. This is entirely controlled by Azure AD; there is nothing Remote Desktop Manager can do to force or bypass MFA other than the Default or Automatic options described above.

  3. In the Username field, paste the Active Directory admin email you created in the Microsoft Azure SQL databases.

On first connect, the username must be the Active Directory Admin as defined in Configure the Active Directory Admin. Once you add other AD users in Remote Desktop Manager, they will be able to connect.

If you get the error message Unable to connect to the database! Login failed for user '', it is because you are not using the Active Directory admin email you created in the Microsoft Azure SQL databases.
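The two notes above (an Azure AD login is required to create SQL Active Directory users, and only the Azure AD Admin can connect until other AD users exist in the database) come down to contained database users mapped to Azure AD principals. The following T-SQL is an added example and is not from the Remote Desktop Manager documentation; the account names are placeholders, and the role assignments are an assumption to adapt to your deployment. It is run against the Remote Desktop Manager database on Azure SQL while connected as the server's Azure Active Directory Admin.

```sql
-- Added example, not from the Remote Desktop Manager documentation.
-- Must be executed by an Azure AD login (e.g. the server's Azure AD Admin):
-- CREATE USER ... FROM EXTERNAL PROVIDER fails under a SQL-authenticated login.
-- 'rdm-admin@contoso.example' and 'RDM Users' are placeholder names.

-- 1. Create a contained database user for the Azure AD account that will be
--    the first Remote Desktop Manager admin. No SQL password is stored; the
--    database trusts the Azure AD token presented at connection time.
CREATE USER [rdm-admin@contoso.example] FROM EXTERNAL PROVIDER;

-- 2. An Azure AD security group works the same way, so regular users can be
--    managed through group membership instead of per-user CREATE USER.
CREATE USER [RDM Users] FROM EXTERNAL PROVIDER;

-- 3. Role assignments are an assumption here; grant only what your
--    deployment needs. Avoid db_owner for the everyday users group.
ALTER ROLE db_datareader ADD MEMBER [RDM Users];
ALTER ROLE db_datawriter ADD MEMBER [RDM Users];

-- 4. Verify which Azure AD principals exist in this database. If the account
--    typed in the Username field is not listed here (or is not the server's
--    Azure AD Admin), the connection is refused with "Login failed for user ''".
--    type E = external (Azure AD) user, type X = external (Azure AD) group.
SELECT name, type_desc, authentication_type_desc, create_date
FROM   sys.database_principals
WHERE  type IN ('E', 'X')
ORDER  BY name;
```

Run the verification query first when troubleshooting the login error: it shows immediately whether the account being used has a database user at all, which is the usual cause when a non-admin Azure AD account is tried before it has been added.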

  4. Click on Configure to set the Azure App Settings and enter the application ID from the Azure Active Directory App Registration and the corresponding Redirect URI.

If you receive the error AADSTS70001 - Application with Identifier was not found in the directory…:

Validate that the Application ID in Remote Desktop Manager is identical to the App Registration's Application (client) ID (step 11 of Create an Azure Active Directory App Registration).

  5. Enter the database to authenticate against in the Database field.