Normally, Advanced Server Access creates and manages local accounts for members of a team. After configuration, users can launch RDP sessions with an existing AD account. See Configure Active Directory account mapping.
Centralized AD connections
Advanced Server Access centrally stores all authentication and routing information related to a specific AD domain on the Connections page. Teams can add multiple connections to support multi-domain environments. See Create an Active Directory connection.
Teams can add signed certificates to allow users to launch RDP sessions without needing to enter their AD password. An AD domain controller can sign the certificates or teams can use self-signed certificates for testing purposes. See Passwordless certificates.
Server sync jobs let teams automatically sync (add new servers, update details for existing servers, and remove unavailable servers). See Active Directory server discovery.
Advanced Server Access records event data and allows teams to track when servers are added, removed, or accessed by users.
AD-Joined integrates support for PolicySync, a separate Advanced Server Access feature also currently in Early Access. PolicySync adds fine-grained access control for Advanced Server Access projects.
AD-Joined can use PolicySync to locate and import metadata from AD for use as server labels used via selectors. See PolicySync: Attribute-Based Access Control.
Supported usage scenarios
Server agent required?
Sign in Experience
User connects directly to an Advanced Server Access managed Windows server
User connects through an Advanced Server Access gateway to an Advanced Server Access managed Windows server
User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users must manually enter their AD password.
User connects through an Advanced Server Access gateway to an unmanaged Windows server with an AD account. Users don't need to enter a password.