I have a hosted platform where our thick client applications run on Windows Server 2012 R2 servers, so customers can access these by logging into the RDWeb portal. They open the application, and everything looks like it is running on their machine, when it is obviously running on the server. To access RDWeb they will authenticate using their credentials which are matched against the Active Directory. The AD is set up on the hosted side, and the customer has no control over this. It is also important to note that we utilise both Azure and AWS to build these environments per client request, so just Azure AD unfortunately doesn’t seem a plausible option.
As each Active Directory is controlled by ourselves, customers must request additional users to be added or deleted from the system. We then carry this out on their behalf. To allow customers extra control over profiles who are authenticated to access the portal, we are looking to provide access to RDWeb by authenticating users from whatever authentication provider they use. Be this Okta or any of the other authenticators out there.
From my research it appears that RDWeb will only support form-based authentication or windows authentication, rather than our preferred option which would be SAML 2.0 authentication.
In short, is there a way of pushing RDS Gateway authentication to a 3rd party? If so, is there any recommendations of providers?