Managing RealVNC Connect roles and groups with Azure AD SSO

Follow

Available-Legacy-Enterprise-Addon.pngAvailable-Plus-Addon-Included-Premium-Enterprise.png

If you or your organization have enabled RealVNC Connect's Azure AD SSO, you will no longer be able to invite people and assign roles within the RealVNC Connect Portal. Instead, all people and role assignment takes place in Azure AD. To discuss enabling Azure AD SSO for your subscription, please contact us.

Managers and Admins can use the RealVNC Connect Portal to view the current members of the team, but cannot use it to add, remove or edit members. The list of members in the RealVNC Connect Portal only includes those who have signed-in at least once.

Membership and role changes made within Azure AD are not immediately reflected within RealVNC Connect, and will instead update as below:

  • If a user is signed in, then the changes will be applied within an hour
  • If a user is not signed in, then the changes will be applied when they next sign-in

Managing user and group assignments

  1. Navigate to the Azure AD portal, and sign in with an account that has appropriate permissions to assign users/groups to Enterprise applications
  2. Click Enterprise applications from the menu

    roles1.PNG

  3. Click the VNC-Connect-SSO app from the list

    roles2.PNG

  4. Click Assign users and groups in the Getting Started section, or Users and groups on the left menu

    roles3.PNG  or roles3b.png

Assigning new roles

  1. Click Add user/group at the top

    roles4.PNG

  2. Select the users and/or groups you'd like to grant access to RealVNC Connect, by clicking None Selected and then selecting from the list that appears
    Note, group assignment may require Azure AD Premium P1 or above

    roles5.PNG

  3. Select the role that you would like to assign to the selected users/groups
    Note, only 1 role can be selected. To assign a second role, e.g. Technician for On-Demand Assist, if included in your subscription, follow these steps again

    roles5a.png

  4. When you have completed your selections, click Assign

    roles5b.png

  5. The selected users and role assignments will appear in the list, and the users are able to sign in to RealVNC Connect!

    roles6.PNG

Editing role assignments

  1. To edit an assigned role, select the user or group and click Edit

    edit1.png

  2. Select the role that you would like to assign

    edit2.png
  3. Click Assign and the selected user/group role will be updated

Removing role assignments

  1. To edit an assigned role, select the user or user group and click Remove

    remove1.png

Linking Azure AD Security Groups to RealVNC Connect People Groups

RealVNC Connect's Azure AD SSO makes it possible to link Azure AD security groups to RealVNC Connect's people groups, allowing you to manage group membership (e.g. for computer discovery permissions) in Azure AD instead of the RealVNC Connect portal.

Once a group is linked, its members can no longer be viewed or edited in the RealVNC Connect Portal. Any users currently in the group are removed and replaced by users that are members of the Azure AD Security Group. Adding or removing members from the Azure AD Security Group will cause those users to be automatically added or removed from the RealVNC Connect group.

When a group is unlinked, it retains any members it had when it was linked, but these members are no longer automatically updated from Azure AD and can now be edited within the RealVNC Connect Portal.

Group changes made within Azure AD are not immediately reflected within RealVNC Connect, and will instead update as below:

  • If a user is signed in, then the changes will be applied within an hour
  • If a user is not signed in, then the changes will be applied when they next sign-in

Linking a group

  1. Follow the steps for Assigning new roles (above) to assign the Security group a role in RealVNC Connect
  2. Select the group from the list of Users and Groups in the VNC-Connect-SSO Enterprise app

    group1.PNG

  3. Copy the group's object ID

    group2.PNG

  4. Sign in to the RealVNC Connect Portal using an Azure AD SSO account that has been assigned as a Manager or Admin
  5. Click People on the left menu, then select Groups from the top menu.

    group3.PNG

  6. Choose to either Create a new group, or edit an existing user group using the 3 dots button next to the group

    Create_groups.png

  7. If creating a new group, enter the name of the group. For new and existing groups, select Link to an organization group and enter the Azure AD group's object ID. Click Save

    group5a.PNG or group5b.PNG


  8. The group will be synced with Azure AD and ready to use in RealVNC Connect.
Was this article helpful?
1 out of 5 found this helpful

Comments

1 comment
  • Hi,

    I am trying to get SSO MFA Configured for our VNC Connections and this article spells it out nicely.

    That stated, I am not able to find the VNC-Connect-SSO app in our Intune Tenant.

    I am searching for VNC-Connect-SSO or any combination of this.

    Thanks,

    Scott

    0
    Comment actions Permalink

Article is closed for comments.