Normally, Advanced Server Access creates and manages local accounts that are made available when a user starts a Remote Desktop Protocol (RDP) session. After configuration, users can launch RDP sessions with an existing AD account. See Configure Active Directory account mapping.
Centralized AD connections
Advanced Server Access centrally stores all authentication and routing information related to a specific AD domain on the Connections page. Teams can add multiple connections to support multi-domain environments. See Create an Active Directory connection.
Teams can add signed certificates to allow users to launch RDP sessions without needing to enter their AD password. Passwordless certificates are signed by your Domain Controller or can be self-signed for testing purposes. See Passwordless certificates.
Server sync jobs allow teams to automatically sync servers: add new servers, update details for existing servers, and remove unavailable servers. See Server discovery.
Advanced Server Access records event data and allows teams to track when servers are added, removed, or connected to by users.
AD-Joined integrates support for PolicySync, a separate Advanced Server Access feature also currently in Early Access, which adds fine-grained access control for Advanced Server Access projects.
AD-Joined can use PolicySync to locate metadata in AD and import it as server labels for use in selectors. See PolicySync: Attribute-Based Access Control.
Supported usage scenarios
Server agent required?
Sign in Experience
User connects directly to an Advanced Server Access managed Windows server
User connects through an Advanced Server Access gateway to an Advanced Server Access managed Windows server
User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users must manually enter their AD password.
User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users don't need to enter a password.