[Credentials ]Login page with SSO button (+ User Management)
Gives the possibility to login in with an admin account, if you are working with an normal account on your computer.
Also you should be able to restrict access to i.e. an AD group.
This is extremely important. WAC should be able to support any normal single or multi-factor authentication protocol currently supported by Microsoft and which are in normal use by MS customers (Smart Card, Secure Token, Windows Hello/Business, PIN, Federation, etc.). Offering ONLY UserID/Password to switch between Administration IDs for remote devices is currently unworkable in our environment. We have to use different Admin accounts w/mandatory smart cards use on different servers. [FYI - Since the choice was made to use MS Edge, RunAs is not workable to 'launch' multiple Edge WAC contexts... since Edge is 'modern app'.]
Silvio Di Benedetto commented
Add a sign-out button to disconnect the WAC session. This is helpful when there's a requirement to change the user to make some activities (like install extensions or manage Azure)
Since Windows Admin Center uses a web interface why not use an authentication method made for web interfaces such as federation and achieve SSO and (third party) MFA.
Second this. When standard and admin credentials are separated it is quite nice having an authentication window available - i know this is not a blocker, but a comfort feature.
Anoop A P commented
Please provide an option to setup authentication.
Ie Once the user calls "https://localhost:6516/" It should prompt for Username and password.
There should be an option inside administrative centre for providing authorisation to users who are in an AD security group.
Another option to display is to show the installed application and should be able to Manage ( Uninstall) it if required.
Rabbani Syed commented
Can your please provide a permanent solution for this error each time i have to run the Powershell
Set-Item wsman:\localhost\Client\TrustedHosts xxxx -Concatenate -Force to avoid this error. i am connecting on a workgroup.
Connecting to remote server XXXX failed with the following error message : WinRM cannot process the request. The following error with error code 0x8009030e.
a logon account should be the default account used to manage systems unless a manage as account is specified for a group or individual system. The currently logged on account should be listed in the upper right corner like in Azure portal with logout function.
Håkan Åknert commented
Support MFA and Conditinal access to webpage
Is that EVERYONE will be able to access to the resources they have permission only? The tool does not give more permissions to the users unless they already have.
Andy Bocko commented
Add the ability to login to Honolulu with alternate credentials. I'm logged into my desktop with a standard user account and should be able to attach to Honolulu as my admin account. I can specify credentials for attaching to individual servers but that is cumbersome.
I think this is the most important request of all .....i vote for a few more..but this most be the number ONE. How this tool can give the posibility of change sensible config or data without a minimal protection...sorry for my english
Gen Lee commented
This is must have!
Strongly agree to Benoit. I installed Honolulu on my local box and accessed it with my local browser, a browser on a server and from a "normal" domain users box with her user rights. In any mentionend case i was able to add new users with my current domain account, add them to the local admin group, delete other users, change their passwords. Might as well have shutdown servers via Honolulu.
Overall i think it's a great tool, but i have to wait to introduce it to my fellow IT colleagues until we get some sort of authentication/access management.
I think Web Server Need an Identity authorization Feature
Benoit HAMET commented
Please add authentication request to access the admin web UI
When you access the Honolulu URL, no authentication is requested (using Windows credentials)
This means EVERYBODY will be able to access (even if after they are limited to perform action) you are leaking internal network details to everybody