If you or your organization have enabled RealVNC Connect's Azure AD SSO, you will no longer be able to invite people and assign roles within the RealVNC Connect Portal. Instead, all people and role assignment takes place in Azure AD. To discuss enabling Azure AD SSO for your subscription, please contact us.

Managers and Admins can use the RealVNC Connect Portal to view the current members of the team, but cannot use it to add, remove or edit members. The list of members in the RealVNC Connect Portal only includes those who have signed-in at least once.

Managing user and group assignments

1. Navigate to the Azure AD portal, and sign in with an account that has appropriate permissions to assign users/groups to Enterprise applications
2. Click Enterprise applications from the menu
   
   
   
   
3. Click the VNC-Connect-SSO app from the list
   
   
   
   
4. Click Assign users and groups in the Getting Started section, or Users and groups on the left menu
   
   

   or

Assigning new roles

1. Click Add user/group at the top
   
   
   
   
2. Select the users and/or groups you'd like to grant access to RealVNC Connect, by clicking None Selected and then selecting from the list that appears
   Note, group assignment may require Azure AD Premium P1 or above
   
   
   
   
3. Select the role that you would like to assign to the selected users/groups
   Note, only 1 role can be selected. To assign a second role, e.g. Technician for On-Demand Assist, if included in your subscription, follow these steps again
   
   
   
   
4. When you have completed your selections, click Assign
   
   
   
   
5. The selected users and role assignments will appear in the list, and the users are able to sign in to RealVNC Connect!
   
   

Editing role assignments

1. To edit an assigned role, select the user or group and click Edit
   
   
   
   
2. Select the role that you would like to assign
   
   
3. Click Assign and the selected user/group role will be updated

Removing role assignments

1. To edit an assigned role, select the user or user group and click Remove
   
   

Linking Azure AD Security Groups to RealVNC Connect People Groups

RealVNC Connect's Azure AD SSO makes it possible to link Azure AD security groups to RealVNC Connect's people groups, allowing you to manage group membership (e.g. for computer discovery permissions) in Azure AD instead of the RealVNC Connect portal.

Once a group is linked, its members can no longer be viewed or edited in the RealVNC Connect Portal. Any users currently in the group are removed and replaced by users that are members of the Azure AD Security Group. Adding or removing members from the Azure AD Security Group will cause those users to be automatically added or removed from the RealVNC Connect group.

When a group is unlinked, it retains any members it had when it was linked, but these members are no longer automatically updated from Azure AD and can now be edited within the RealVNC Connect Portal.

Linking a group

1. Follow the steps for Assigning new roles (above) to assign the Security group a role in RealVNC Connect
2. Select the group from the list of Users and Groups in the VNC-Connect-SSO Enterprise app
   
   
   
   
3. Copy the group's object ID
   
   
   
   
4. Sign in to the RealVNC Connect Portal using an Azure AD SSO account that has been assigned as a Manager or Admin
5. Click People on the left menu, then select Groups from the top menu.
   
   
   
   
6. Choose to either Create a new group, or edit an existing user group using the 3 dots button next to the group
   
   
   
   
7. If creating a new group, enter the name of the group. For new and existing groups, select Link to an organization group and enter the Azure AD group's object ID. Click Save
   
   

   or

   
   
   
8. The group will be synced with Azure AD and ready to use in RealVNC Connect.