# Enabling SSO (single sign on) Parallels DaaS automatically enables Single Sign-On (SSO) in multi-session environments at the host pool level during deployment. SSO allows users to log in once using their primary credentials (e.g., corporate Entra-ID) and gain seamless access to virtual desktops without repeated authentication prompts. Follow these steps to enable Single Sign-On (SSO) for Parallels DaaS using Microsoft Graph. #### 1. Sign in to Azure Use the following command to sign in to Azure with your tenant context and then set the desired subscription context: `Connect-AzAccount -Tenant "" -UseDeviceAuthentication Set-AzContext -SubscriptionId "" -Tenant ""` #### 2. Prepare your environment Ensure that the PowerShell execution policy allows local scripts: `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser` #### 3. Install the required Microsoft Graph modules Install the Microsoft Graph PowerShell module: `Install-Module Microsoft.Graph -Scope CurrentUser -Repository PSGallery -Force` #### 4. Import necessary modules Import the authentication and applications modules: `Import-Module Microsoft.Graph.Authentication Import-Module Microsoft.Graph.Applications` #### 5. Connect to Microsoft Graph Connect using Microsoft Graph with the appropriate permissions: `Connect-MgGraph -Scopes "Application.Read.All","Application-RemoteDesktopConfig.ReadWrite.All" -Tenant ""` #### 6. Enable SSO on required service principals Fetch the service principal IDs for the following two apps: * **Microsoft AVD Client**: App ID `a4a365df-50f1-4397-bc59-1a1564b8bb9c` * **Windows Cloud Login**: App ID `270efc09-cd0d-444b-a71f-39af4910ec45` Then update their remote desktop security configuration: `$MSRDspId = (Get-MgServicePrincipal -Filter "AppId eq 'a4a365df-50f1-4397-bc59-1a1564b8bb9c'").Id $WCLspId = (Get-MgServicePrincipal -Filter "AppId eq '270efc09-cd0d-444b-a71f-39af4910ec45'").Id Update-MgServicePrincipalRemoteDesktopSecurityConfiguration -ServicePrincipalId $MSRDspId -IsRemoteDesktopProtocolEnabled Update-MgServicePrincipalRemoteDesktopSecurityConfiguration -ServicePrincipalId $WCLspId -IsRemoteDesktopProtocolEnabled` #### 7. Verify SSO is enabled You can verify the settings using: `Get-MgServicePrincipalRemoteDesktopSecurityConfiguration -ServicePrincipalId $MSRDspId Get-MgServicePrincipalRemoteDesktopSecurityConfiguration -ServicePrincipalId $WCLspId` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.parallels.com/landing/daas-guides/daas-administrators-guide/common-management-tasks/enabling-sso-single-sign-on.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.