IMPORTANT - VRL ONLY: These steps and determinations DO NOT apply to our VFC users or users of VEC RDP as their processes change significantly with the move to Cascade / AVD
For more information and details about this transition, please see the overall Cascade / AVD FAQ article: The Transition to Azure Virtual Desktop (AVD) and Cascade
Author: Eric Vasbinder
Applicable ERPs:
Vista
As mentioned in other articles, end users who connect to Vista in our cloud using Vista Remote Link (VRL) will not be using Azure Virtual Desktop (AVD) to consume Vista on a regular basis. Instead, they will continue to consume Vista in our cloud using the VRL client, usually installed on their local workstations.
However, those users MAY still be somewhat impacted by the move to AVD and Cascade, depending on the method which they use to log in to their account in Vista.
Specifically, if those users log in to Vista using our older, legacy Viewpoint AD method, NOT SSO, they will have a few additional steps to perform, including logging in Microsoft's Security Signins Portal to set up MFA.
Please read on for more specifics.
Many users have been set up to use our most modern means of connecting to Vista in our cloud: VRL with our Single Sign On (SSO) to authenticate. These users will not be impacted at all by this move.
VRL users who do not use SSO yet, who are still using our legacy login names into Vista in the form of "VIEWPOINT\username.code", will be impacted and need to perform a few steps at the beginning.
First, before you proceed: Do you know if you use VRL to connect to Vista? If you are not sure, look in the bottom right hand corner of the Vista main menu. If it shows "VRL", then you are using VRL and this article MAY apply to you. If it shows VEC or LAN, then this article DOES NOT apply to you.
Next, the easiest way to determine if the following steps apply to you is to answer these three questions:
Do I log in to Vista using the "Sign in with Viewpoint ID" blue button OR is my username in Vista in the format of "email@CompanyDomain_EnterpriseID"? EnterpriseID is the numerical for my specific enterprise in the Viewpoint cloud.
IF the answer is yes to that question, you are using Viewpoint/Trimble ID SSO, perhaps federated to Microsoft Azure AD (EntraID). If so, great! Please proceed to the next question.
Do you use SMB to mount file shares on the Vista server, either over RDP or using the IPSEC VPN? This is most commonly seen for server to server, automated file imports into the Viewpoint Repository "pickup" folder, or for our ADP integration. If the Answer is YES, then PARTS of this page DO apply to you - specifically first time user setup using the Microsoft security signins portal and ongoing user group management in Cascade portal.
NOTE: this will ONLY be for those local AD service accounts that need SMB file share access - nothing else if you are using SSO and VRL.
Do I log in to Vista using the username "VIEWPOINT\username.code" OR do I reset my Vista password using the CloudWorkspace (NetApp) portal today (legacy CW password reset FAQ: How do end users reset their passwords? Legacy Method - NOT SSO Method )?
IF the answer is YES to that question, then BOTH the initial setup steps and password reset changes will apply to you.
Figure 1: SSO Signin Button - If you use it, AND you do not use automated imports via SMB, Cascade AVD does NOT apply to You
When first moving to Cascade, if this applies to you as a VRL user, you will need to log in to the account through the Microsoft Security Signins portal to complete the process of setting up your user account. Specifically, this will allow you to set up Multi-Factor Authentication (MFA). In addition, in the future, you can use this portal to manage your MFA options for your cloud account.
To that end, please follow these steps to complete first time set up:
Open your web browser and browse to the following URL: https://mysignins.microsoft.com/security-info
If you've already logged in to an Azure AD account, you will see a list of accounts from which to pick. Since this should be the first time you have logged in to this account, you will need to click on "Use Another Account".
Figure 2: Click "Use Another Account".
3. Enter your new account's username
Figure 3: Enter your new Cascade portal account's username.
4. Paste your temporary password into the next field.
Figure 4: Paste in your temporary password.
5. Microsoft will ask you to set up multifactor authentication (MFA). Please click the "Next" button.
Figure 5: click next to proceed with MFA Setup.
6. You will now be able to choose the MFA option that you would like to use. We highly recommend the Microsoft Authenticator application as it tends to be quite convenient and more secure than other options, such as SMS cell phone text messaging. However, if you wish you may click the "I want to set up a different method" link on the bottom left which will allow you to choose between SMS text and a Google authenticator style time-based code (.a.k.a. TOTP).
NOTE: We will only be documenting the steps to use Microsoft Authenticator. For steps to set up the other two optional methods instead, please see Microsoft online help documentation.
7. Please click "Next".
Figure 6: Click Next for Preferred Option
Figure 7: Choose an Optional Alternative Second Authentication Factor
8. Click next on the following screen. After doing so, your computer's screen will show a QR code which can be scanned in the following steps.
Figure 8: clicking next will show the QR code needed
9. Download and install the Microsoft Authenticator app on your phone or tablet. Please note, the application is available from both the Apple App Store as well as the Google Play Store. Merely search for Microsoft Authenticator.
10. Once installed, please tap the icon on your mobile device to start the application.
Figure 9: tap the Authenticator icon
11. On your mobile device Tap the plus icon
Figure 10: Tap the plus icon
12. Tap the option to add a work or school account.
Figure 11: work or school account
13. Tap "Scan QR code".
Figure 12: tap "Scan QR Code".
14. Your mobile device will now show the screen to scan the QR code that is on your computer's monitor. Hold your mobile device's camera so that the QR code is displayed within the box. The Microsoft Authenticator application will automatically add the account as part of the next step.
Figure 13: scan the QR code
15. AVD will send a notification to your phone or tablet, while at the same time displaying a number on your computer's screen. Inside the notification on your mobile device please enter the number displayed on your computer's screen. Once entered please click "yes".
Figure 14: screen on the computer
Figure 15: screen to enter number on app
16. Once you have entered the number and tapped a yes on the mobile application, if you are successful you will receive a notification approved message on your computer. Please click "next" on that screen.
Figure 16: notification approval message
17. On your mobile device, you will know the process of adding your account to your Microsoft Authenticator application is complete when your new account is shown in the app.
Figure 17: account added to the app
18. You will receive a notification on your computer saying that your new MFA method has been successfully added to your account. Please click done to continue
Figure 18: click "done" to continue
19. In the future, when logging into your Cascade account, you may be prompted to enter a number into your Microsoft Authenticator application on your mobile device. This should be very similar to the items listed above in step 15.
20. Once you have entered the MFA number prompt, you will then be asked if you wish to Stay Signed in. Please select your preferred option.
Figure 19: Stay Signed In or Not
21. Once you have logged in to the Microsoft Signins Portal and have set up MFA, you should be good to go to log in to VRL using your new Cascade portal-managed account.
Figure 20: You should now see your MFA option displayed on this page.
NOTE: Technically, once you have logged in for the first time and set up your user account, you will no longer need to use the Microsoft Signins Portal. However, resetting passwords will be a different process going forward and is documented in this section: How to reset passwords in Cascade Portal
For Vista users to whom this applies, VRL users with "VIEWPOINT\" accounts, here are the areas of change for ongoing processes.
The major item that changes is the fact that, to reset your password, you will no longer use the old CloudWorkspace username in the form of "Username@companyIdentifier". This may have looked like an email address (e.g. username@company.com) in the past, but rest assured, it was NOT an email address on the back end.
Going forward, when you need to reset your password, your username will be in the new Cascade format: FirstInitial.Lastname.CompanyCode@viewpoint.cloud
You username for Vista over VRL will not change, even though the username for resetting that acocunt's password will change. The username you use for Vista itself will remain in the format of VIEWPOINT\username.code
Your username for resetting passwords will be your new "Cascade" user name which has been assigned to your user account. This will be in the form of "FirstInitial.Lastname.CompanyCode@viewpoint.cloud".
To Reset your password in the cloud, after your initial log in and user account setup, you will need to use the new Cascade password reset method, documented here: How to reset passwords in Cascade portal
changelog
Monday, 13 November 2023 at 02:53PM:
Significant rewrite to specify the use of the MSFT Signins portal for initial MFA set up instead of AVD client.
Tuesday, 31 October 2023 at 10:21AM:
Added note about ADP and file import SMB access still needing to use Cascade and, for first time setup only, the AVD client.
Tuesday, 10 October 2023 at 04:27PM:
Initial Posting