Jump to content

Recommended Posts

Hi Folks,

I was in the middle of setting up SSO for Connectwise thinking this is great all users can log in to all the applications using their Office 365 account

Then I learnt that in true Connectwise style they are not enabling SSO for the thick client in Automate - sure everything is moving to the web (yeah right)

So now I am left with a dilemma - I enable SSO for Manage / Sell / Control and then setup a different 2FA for Automate which is bloody tedious.

What have others done here just out of curiosity.

This whole move to the web client is dumb the web client is nowhere near the fat client.

Thanks

Share this post


Link to post
Share on other sites

Hi Michael,

When considering the strategy Connectwise is approaching it actually makes sense. Given limited resources they'd rather spend the time on building out a product on the future rather than wasting any on a functional product that doesn't require anything beyond improvements. The approach for the Automate Web App is to hit the largest end user base first to get the most amount of people off the thick client at once. Essentially this means that focus is in making AWA the ideal help desk tool first, while focusing on the LT Admins usability (which is by far the lower base of the end users and more complicated to port over to web) once the Help Desk is wrapped up.

In any case, the answer to your question is to enforce MFA on your local users, in addition to the SSO enforcement. Google Authenticator is a free plugin if you don't have DUO already, and you can still enable SSO to be used with AWA for the help desk. Note that the next few patches that are coming are going to heavily focus on porting EDF/Script ability into the AWA side so that you can spend more time in the web instead of on the thick client. As it stands, aside from our proactive team, the rest of us spend most of our time in AWA except for myself as I switch back and forth depending on if I'm scripting or jumping into machines to assist on support. I myself have SSO enabled in addition to DUO enforced for our entire company.

Share this post


Link to post
Share on other sites

We are using DUO for our 2FA; with the plugin, it works with the thick and thin client.

In order to look at SSO, we're  looking at leveraging the current LDAP option of Connectwise, with Azure AD sync on our end so we aren't limited to the method of using Connectwise SSO only on the web, or only with Connectwise accounts.  While it isn't strictly listed as a supported option, we have already heard of other Automate clients using this method.

Share this post


Link to post
Share on other sites

I added the Azure AD config to Connectwise SSO and would be happy to share a screenshot.  Our strategy has been to leverage Azure AD wherever possible and use a conditional access policy in Azure AD to force DUO.  This helps minimize the total number of DUO integrations we have to maintain and can also bring push notifications to apps whose DUO integrations are just the 6 digit code.  Sadly, this does not apply to Control Center.

I should also add that calling it SSO is a bit disingenuous on CW's part. The way it hooks into Automate, Control, and Manage, it has a heart attack if cases in usernames don't match between products.  To it, bsmith in Automate and Bsmith in Manage are not the same EVEN if the e-mail addresses match.

Edited by Pendragon8062

Share this post


Link to post
Share on other sites

I was originally "Wait. Wot?" when I saw this thread because I've seen the setting in the Dashboard. Then I pulled the related documentation and... yeah.

Including the linkage and relevent quote for reference by others:

ConnectWise Automate Documentation > Administration and Configuration >  SSO Setup for Automate

Quote

ConnectWise Single Sign-On (SSO) enables you to use a common username and password across ConnectWise application, eliminating the need for multiple logins to each application. Automate’s initial implementation of ConnectWise SSO only supports SSO logins for the Automate Web Control Center to provide seamless integration with other ConnectWise web-based solutions. ConnectWise SSO users of the Automate Windows Control Center desktop application must still log in with their local Automate users.

[Emphasis added]

Edited by KI_EricS

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...