We do not currently offer self-service setup of RealVNC Account SSO between your SSO tenant/identity provider and your RealVNC Connect Team. To get started with RealVNC Account SSO, please read this page and then contact our Support team with the required information by submitting a ticket here.

Restrictions and Security Considerations

When enabling RealVNC Account SSO for your RealVNC Connect team, please be aware of the below restrictions and security considerations.

Restrictions

Teams

1. Your SSO tenant/identity provider can only be associated with one Team
2. All other members of an SSO-enabled Team must be SSO users; users with a standard RealVNC account cannot be part of an SSO-enabled Team
3. Mandated two-factor authentication using RealVNC Connect's 2FA cannot be enabled on SSO-enabled Teams
   1. Note, this does not prevent using your identity provider's 2FA for accounts, this refers to RealVNC's own 2FA for accounts which cannot be used with an SSO account
4. Once a Team has SSO enabled, it cannot be undone

People (Users)

1. SSO Users cannot sign in to the License Wizard, a cloud connectivity token must be used instead
2. SSO Users cannot change their contact details or authentication settings in the RealVNC Connect Portal as they are controlled by your identity provider

Security considerations

Once your Team has been enabled for SSO sign-in, please be aware that:

1. RealVNC Connect will not perform device authorization or two-factor authentication for users
2. Mandated two-factor authentication using RealVNC Connect's 2FA is disabled on the Team
   1. Note, this does not prevent using your identity provider's 2FA for accounts, this refers to RealVNC's own 2FA for accounts which cannot be used with an SSO account
3. It is up to the customer to ensure that their identity provider is configured to provide adequate security for their users

Existing user migration

RealVNC Connect accounts must have a unique email address/UPN, which means when you want to enable RealVNC Account SSO for an existing team we will need to migrate your users from using standard RealVNC Accounts to SSO-enabled RealVNC accounts.

For the migration, we will need you to provide information from your SSO tenant/identity provider for each user. You can find the template files for the migration process below. Once complete, please send these to our Support team.

Entra ID

Entra ID Migration Spreadsheet Template

To find the Entra ID Object ID, you need to sign in to the Entra ID portal and view the user's Basic Info:

Okta

Okta Migration Spreadsheet Template

To find the Okta user id, you need to sign in to your Okta admin console and either:

1. In Directory:
   • Find the user you want to add and click on their name
   • Copy the User Id from the end of the URL in your web browser's address bar
     
2. In Reports:
   • Run the User Accounts report under Entitlements and Access