[Credentials ]Login page with SSO button (+ User Management)
Gives the possibility to login in with an admin account, if you are working with an normal account on your computer.
Also you should be able to restrict access to i.e. an AD group.
The reason WAC won't allow you to switch accounts is because it relies on Kerberos authentication. You can easily force your browser to prompt you to enter credentials when you launch it in private mode. ADFS support is probably unlikely to come due to an already existing integration with AAD which can be federated with ADFS and for those who need, ADFS can use DUO for your MFA backend.
is it in any way possible to switch accounts once logged in on windows admin center via a browser?
cant log off and bij shutting down and reopen the browser its automaticly logged in with the previous user account.
+100 ADFS support. Lack of MFA support is a compliance issue these days.
First things is WAC does not have log off button it
it is taking User id from the system login and not allowing others to login to the WAC even If I provide user login permission
Ivan Ruiz commented
Add feature under WAC settings to enable switching between accounts.
I'd like to see this so I can integrate it with ADFS
There should be a logout button out of the whole Windows Admin Center. Not having the option is frankly quite ridiculous.
Windows Admin Center should support provisioning access and SSO using a SAML or similar IdP, such as Okta.
This is extremely important. WAC should be able to support any normal single or multi-factor authentication protocol currently supported by Microsoft and which are in normal use by MS customers (Smart Card, Secure Token, Windows Hello/Business, PIN, Federation, etc.). Offering ONLY UserID/Password to switch between Administration IDs for remote devices is currently unworkable in our environment. We have to use different Admin accounts w/mandatory smart cards use on different servers. [FYI - Since the choice was made to use MS Edge, RunAs is not workable to 'launch' multiple Edge WAC contexts... since Edge is 'modern app'.]
Silvio Di Benedetto commented
Add a sign-out button to disconnect the WAC session. This is helpful when there's a requirement to change the user to make some activities (like install extensions or manage Azure)
Since Windows Admin Center uses a web interface why not use an authentication method made for web interfaces such as federation and achieve SSO and (third party) MFA.
Second this. When standard and admin credentials are separated it is quite nice having an authentication window available - i know this is not a blocker, but a comfort feature.
Anoop A P commented
Please provide an option to setup authentication.
Ie Once the user calls "https://localhost:6516/" It should prompt for Username and password.
There should be an option inside administrative centre for providing authorisation to users who are in an AD security group.
Another option to display is to show the installed application and should be able to Manage ( Uninstall) it if required.
Rabbani Syed commented
Can your please provide a permanent solution for this error each time i have to run the Powershell
Set-Item wsman:\localhost\Client\TrustedHosts xxxx -Concatenate -Force to avoid this error. i am connecting on a workgroup.
Connecting to remote server XXXX failed with the following error message : WinRM cannot process the request. The following error with error code 0x8009030e.
a logon account should be the default account used to manage systems unless a manage as account is specified for a group or individual system. The currently logged on account should be listed in the upper right corner like in Azure portal with logout function.
Håkan Åknert commented
Support MFA and Conditinal access to webpage
Is that EVERYONE will be able to access to the resources they have permission only? The tool does not give more permissions to the users unless they already have.
Andy Bocko commented
Add the ability to login to Honolulu with alternate credentials. I'm logged into my desktop with a standard user account and should be able to attach to Honolulu as my admin account. I can specify credentials for attaching to individual servers but that is cumbersome.
I think this is the most important request of all .....i vote for a few more..but this most be the number ONE. How this tool can give the posibility of change sensible config or data without a minimal protection...sorry for my english