There were issues with getting the VDI module in DEX to work properly for the help desk team. SAML was causing issues, and a security policy needed to be set up to accept SSO users. A video was suggested and it was recommended to check a certain box in the login methods. The prompt for UPN meant a different logon method was used, so the team was reminded to use SAML. The UPN should be listed if logged on with SAML. By suppressing the other method and reminding the help desk, the issue was resolved.
Read the entire ‘Troubleshooting VDI Module in ControlUp DEX’ thread below:
Our help desk is having an issue getting the VDI module in DEX to work properly…..they see it available so it looks like the group permissions i set up are working properly but when they click on it this is what they see rather than it going in like it does for me . for some reason SAML isn’t working for them either (they need to do 2fa all of sudden but again works for me so couple weird things going on)
You need to set up the security policy to accept SSO users. I have a video somewhere on this… what version of the console are you on?
9.0.0.1616 looks like
would that matter if sso is working for me ?
my other full admin it works fine too. seems like its just this one group
They must use SAML. If they use any other option they will get prompted for their UPN. If you on v9 make sure to check this box in the login methods.
They need to set use solve in the security policy as well, one moment
I can get you a video on this
we do have that checked….the url i gave them has /saml at the end too if that helps
Have you turned off the other methods? If they logoff they may get back to the main logon screen.
we didnt but good idea that i can try that
does saml not work w/ the VDI module ?
@member it does work, you need to make sure the relevant SSO groups are in the security policy user group
Should. All the others will cause that prompt.
SSO groups are not needed if you check that box.
security policy group in dex ya mean?
cool yup we had that box checked and like i said it works for me and another admin…..just not our help desk (who’s assigned to a different role )
If they don’t have use web app the DEX console would have told you they don’t have permission.
The fact your getting that prompt means we don’t know who they are (UPN) because it wasn’t passed as part of the SAML assertion.
They used a different logon method which is email based.
ahh gotcha so maybe they need to start over and make sure they are using the saml option and then everything might flow better
i’m following
When you logon with email/password we still need to find out who they are in AD, hence the prompt. Once you put in your UPN/Password the monitors take that and bind to AD to get group memberships and auth the user with the security policy (if that checkbox is checked).
that makes sense! thank you! i unchecked the email option so i’ll see what happens. thank you for the help
Here is another clue to look for. The UPN should be listed here if they logged on with SAML. If you don’t see the UPN here you’ll get the prompt for it when going to the VDI tab.
Here is an oauth logon.
perfect thank you ! sounds like they just werent picking the right option at logon so supressing the other method and reminding them was all it took 🙂
Continue reading and comment on the thread ‘Troubleshooting VDI Module in ControlUp DEX’. Not a member? Join Here!
Categories: All Archives, ControlUp DEX Platform