Cascade and Azure Virtual Desktop (AVD) for Vista VRL Users

IMPORTANT - VRL ONLY:  These steps and determinations DO NOT apply to our VFC users or users of VEC RDP as their processes change significantly with the move to Cascade / AVD

For more information and details about this transition, please see the overall Cascade / AVD FAQ article:  The Transition to Azure Virtual Desktop (AVD) and Cascade 

Author: Eric Vasbinder

Applicable ERPs:

• Vista

Overview

 As mentioned in other articles, end users who connect to Vista in our cloud using Vista Remote Link (VRL) will not be using Azure Virtual Desktop (AVD) to consume Vista on a regular basis.  Instead, they will continue to consume Vista in our cloud using the VRL client, usually installed on their local workstations.

However, those users MAY still be somewhat impacted by the move to AVD and Cascade, depending on the method which they use to log in to their account in Vista. 

Specifically, if those users log in to Vista using our older, legacy Viewpoint AD method, NOT SSO, they will have a few additional steps to perform, including logging in Microsoft's Security Signins Portal to set up MFA.

Please read on for more specifics.

Determining if this Applies to You

Many users have been set up to use our most modern means of connecting to Vista in our cloud:  VRL with our Single Sign On (SSO) to authenticate.  These users will not be impacted at all by this move.  

VRL users who do not use SSO yet, who are still using our legacy login names into Vista in the form of "VIEWPOINT\username.code", will be impacted and need to perform a few steps at the beginning.

First, before you proceed:  Do you know if you use VRL to connect to Vista?  If you are not sure, look in the bottom right hand corner of the Vista main menu.  If it shows "VRL", then you are using VRL and this article MAY apply to you.  If it shows VEC or LAN, then this article DOES NOT apply to you.

Next, the easiest way to determine if the following steps apply to you is to answer these three questions:

1. Do I log in to Vista using the "Sign in with Viewpoint ID" blue button OR is my username in Vista in the format of "email@CompanyDomain_EnterpriseID"?   EnterpriseID is the numerical for my specific enterprise in the Viewpoint cloud.

   1. IF the answer is yes to that question, you are using Viewpoint/Trimble ID SSO, perhaps federated to Microsoft Azure AD (EntraID).  If so, great!  Please proceed to the next question.

2. Do you use SMB to mount file shares on the Vista server, either over RDP or using the IPSEC VPN?  This is most commonly seen for server to server, automated file imports into the Viewpoint Repository "pickup" folder, or for our ADP integration.  If the Answer is YES, then PARTS of this page DO apply to you - specifically first time user setup using the Microsoft security signins portal and ongoing user group management in Cascade portal.

   1. NOTE: this will ONLY be for those local AD service accounts that need SMB file share access - nothing else if you are using SSO and VRL.

3. Do I log in to Vista using the username "VIEWPOINT\username.code" OR do I reset my Vista password using the CloudWorkspace (NetApp) portal today (legacy CW password reset FAQ:  How do end users reset their passwords?  Legacy Method - NOT SSO Method )?

   1. IF the answer is YES to that question, then BOTH the initial setup steps and password reset changes will apply to you.

Signing into Microsoft Sign-In Options Portal

When first moving to Cascade, if this applies to you as a VRL user, you will need to log in to the account through the Microsoft Security Signins portal to complete the process of setting up your user account.  Specifically, this will allow you to set up Multi-Factor Authentication (MFA).  In addition, in the future, you can use this portal to manage your MFA options for your cloud account.

To that end, please follow these steps to complete first time set up:

1. Open your web browser and browse to the following URL:  https://mysignins.microsoft.com/security-info

2. If you've already logged in to an Azure AD account, you will see a list of accounts from which to pick.  Since this should be the first time you have logged in to this account, you will need to click on "Use Another Account".

3.  Enter your new account's username 

4.  Paste your temporary password into the next field.

First Time ONLY Sign In Steps (MFA Setup)

5.  Microsoft will ask you to set up multifactor authentication (MFA).  Please click the "Next" button.

6.  You will now be able to choose the MFA option that you would like to use.  We highly recommend the Microsoft Authenticator application as it tends to be quite convenient and more secure than other options, such as SMS cell phone text messaging.  However, if you wish you may click the "I want to set up a different method" link on the bottom left which will allow you to choose between SMS text and a Google authenticator style time-based code (.a.k.a. TOTP).

NOTE:  We will only be documenting the steps to use Microsoft Authenticator.  For steps to set up the other two optional methods instead, please see Microsoft online help documentation.

7.  Please click "Next".

8.  Click next on the following screen.  After doing so, your computer's screen will show a QR code which can be scanned in the following steps.

9. Download and install the Microsoft Authenticator app on your phone or tablet.  Please note, the application is available from both the Apple App Store as well as the Google Play Store.   Merely search for Microsoft Authenticator.

10.  Once installed, please tap the icon on your mobile device to start the application.

11.  On your mobile device Tap the plus icon

12.  Tap the option to add a work or school account.

13.  Tap "Scan QR code".

14.  Your mobile device will now show the screen to scan the QR code that is on your computer's monitor.  Hold your mobile device's camera so that the QR code is displayed within the box.  The Microsoft Authenticator application will automatically add the account as part of the next step.

15.  AVD will send a notification to your phone or tablet, while at the same time displaying a number on your computer's screen.  Inside the notification on your mobile device please enter the number displayed on your computer's screen.  Once entered please click "yes".

16.  Once you have entered the number and tapped a yes on the mobile application, if you are successful you will receive a notification approved message on your computer.  Please click "next" on that screen.

17.  On your mobile device, you will know the process of adding your account to your Microsoft Authenticator application is complete when your new account is shown in the app.

18.  You will receive a notification on your computer saying that your new MFA method has been successfully added to your account.  Please click done to continue

Regular Sign in Steps (Continued)

19.  In the future, when logging into your Cascade account, you may be prompted to enter a number into your Microsoft Authenticator application on your mobile device.  This should be very similar to the items listed above in step 15.  

20.  Once you have entered the MFA number prompt, you will then be asked if you wish to Stay Signed in.  Please select your preferred option.

21.  Once you have logged in to the Microsoft Signins Portal and have set up MFA, you should be good to go to log in to VRL using your new Cascade portal-managed account.

NOTE:  Technically, once you have logged in for the first time and set up your user account, you will no longer need to use the Microsoft Signins Portal.  However, resetting passwords will be a different process going forward and is documented in this section:  How to reset passwords in Cascade Portal 

Changes

For Vista users to whom this applies, VRL users with "VIEWPOINT\" accounts, here are the areas of change for ongoing processes.   

Username for Password Resets - DOES Change

The major item that changes is the fact that, to reset your password, you will no longer use the old CloudWorkspace username in the form of "Username@companyIdentifier".  This may have looked like an email address (e.g. username@company.com)  in the past, but rest assured, it was NOT an email address on the back end.

Going forward, when you need to reset your password, your username will be in the new Cascade format:   FirstInitial.Lastname.CompanyCode@viewpoint.cloud

Username for Logging into Vista VRL - Does NOT Change

You username for Vista over VRL will not change, even though the username for resetting that acocunt's password will change.  The username you use for Vista itself will remain in the format of VIEWPOINT\username.code

Username for Logging in to Vista over RDP - DOES Change

Your username for resetting passwords will be your new "Cascade" user name which has been assigned to your user account.  This will be in the form of "FirstInitial.Lastname.CompanyCode@viewpoint.cloud".

Password Reset Process - DOES Change

To Reset your password in the cloud, after your initial log in and user account setup, you will need to use the new Cascade password reset method, documented here:  How to reset passwords in Cascade portal