Configuring Softdrive Authentication

Introduction

Softdrive uses a single authentication system for logging in to both the remote desktop software and your Softdrive management dashboard. Users with default permissions (non-admins) have reduced access to the features of the management dashboard: they can only see and interact with their own PCs.

As a team admin, you can manage your team's authentication settings by going to the Security page on the management dashboard.

Authentication Providers

Softdrive provides two authentication providers out of the box: Softdrive login (email + password), and Microsoft login. By default, both options are enabled for new teams. If you'd prefer to restrict your users to one of the two options, you may do so in the dashboard. If all of your users are logging in with only one of the options, it's a good idea to disable the other.

Softdrive also supports custom OIDC and SAML authentication providers, if there is another authentication provider you would like to use or if you are running your own authentication provider that supports either of these standards.

Softdrive Login (Email + Password)

When a new user is invited to Softdrive and Softdrive Login is enabled, they will be asked to create a password. Using the email that they are registered with and this password, they will be able to log in to the remote desktop software and connect to any of their Cloud PCs or remote PCs. They will also be able to log in to the management dashboard using these credentials.

Microsoft Login

When a new user is invited to Softdrive, their email is registered with our authentication service. Users are able to use Microsoft Login as a single sign-on (SSO) authentication option by logging in to the Microsoft account with the matching email address. Microsoft account emails are unique, so adding an email address as a new Softdrive user implicitly gives that Microsoft account access to Softdrive.

Custom Login (OIDC or SAML)

Softdrive supports the OpenID Connect (OIDC) and Security Assertion Markup Language (SAML) standards for custom authentication providers. This integration is not completely automated yet, so you'll need to contact us to configure this.

Two-Factor Authentication

Softdrive supports one-time codes sent by SMS (texts to phone numbers) as a form of two-factor authentication (2FA).

2FA means that two "things" (factors) are needed to prove your identity and be authenticated. In general, multi-factor authentication (MFA) means that more than one "thing" is needed to prove identity. Typically, one factor would be something you know (a password) and another factor would be something you have (a physical device, like a cell phone). Using 2FA has significant security benefits compared to just using an email and password or otherwise just using one authentication factor.

Microsoft claims that MFA can block over 99.9 percent of account compromise attacks.

Softdrive 2FA is enabled by default. It can be disabled on a team-wide or per-user basis.

Softdrive 2FA is applicable to all of our supported authentication providers; you can use Softdrive 2FA with Softdrive Login (email + password), Microsoft Login, or with any custom provider. Your authentication provider may be configured to use 2FA already, in which case you may choose to disable Softdrive Login for your team and disable Softdrive 2FA and still retain a high level of security.

Other Softdrive 2FA options, such as Authenticator, are coming soon.

Managing Microsoft Login

Setting Up

To enable Microsoft Login for your organization, an Azure Active Directory (AD) administrator must follow these steps.

  1. Go to the Softdrive management dashboard (dashboard.softdrive.co).
  2. Select Sign In With Microsoft.
  3. Log in to your Microsoft account.
  4. A prompt will appear to authorize Softdrive. Select "Consent on behalf of your organization".
  5. You're done! You will now be able to log in to Softdrive using your Microsoft account, and Softdrive will show up as an Enterprise App in your Azure management portal.

Restricting Access to Particular Users

You can manage permissions around accessing Softdrive in Azure. Softdrive accounts must still be created on the Softdrive management dashboard. Without a Softdrive account, users won't have anything to log in to even if their Microsoft account is authorized to use the Softdrive Enterprise App.

To restrict which users can log in to Softdrive using Microsoft Login, follow these steps. Note that if Microsoft Login is your only enabled authentication provider, you can enable/disable Softdrive access for a user entirely within your Azure AD.

  1. Go to your Azure management portal (portal.azure.com).
  2. Select Azure Active Directory.
  3. Select Enterprise applications.
  4. Select Softdrive.
  5. Select Properties.
  6. Set "Assignment required" to "yes" (to restrict users). You may set it to "no" to allow all of your users to use Microsoft Login for Softdrive.
  7. Select Users / groups.
  8. Add users and groups as needed using the "Add user / group" button.
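
To check the result of the steps above, the following added example (not Softdrive's or Microsoft's own code) audits the enterprise app's assignment state offline against the list of Softdrive accounts. It assumes the inputs were exported as Microsoft Graph JSON (the servicePrincipal object, its appRoleAssignedTo entries, and a principalId-to-mail map); the Softdrive email export is a hypothetical format, and all sample values are constructed.

```python
"""Offline audit of the Softdrive enterprise app's assignment settings.

All inputs are constructed samples. sp, assignments and directory are
shaped like Microsoft Graph responses; softdrive_emails is a hypothetical
export of the accounts created on the Softdrive dashboard (assumption).
"""

def audit(sp, assignments, directory, softdrive_emails):
    accounts = {e.lower() for e in softdrive_emails}
    assigned, groups, findings = set(), [], []
    for a in assignments:
        if a["principalType"] == "Group":
            groups.append(a["principalDisplayName"])
        elif a["principalType"] == "User" and a["principalId"] in directory:
            assigned.add(directory[a["principalId"]].lower())

    required = sp.get("appRoleAssignmentRequired", False)
    if not required:
        # "Assignment required" is "no": all tenant users may use Microsoft Login.
        findings.append(("assignment-not-required", sp["displayName"]))
    for name in sorted(groups):
        # Access follows group membership, which needs its own review.
        findings.append(("group-assigned", name))
    for mail in sorted(assigned - accounts):
        # Authorized in Azure AD, but there is no Softdrive account to log in to.
        findings.append(("assigned-without-account", mail))
    if required and not groups:
        for mail in sorted(accounts - assigned):
            # Softdrive account exists, but Microsoft Login is blocked for it.
            findings.append(("account-not-assigned", mail))
    return findings

# Constructed sample data (not real identifiers).
SP = {"displayName": "Softdrive", "appRoleAssignmentRequired": True}
ASSIGNMENTS = [
    {"principalId": "u1", "principalType": "User", "principalDisplayName": "Alice"},
    {"principalId": "u2", "principalType": "User", "principalDisplayName": "Bob"},
]
DIRECTORY = {"u1": "alice@example.com", "u2": "bob@example.com"}  # principalId -> mail
SOFTDRIVE_EMAILS = ["Alice@example.com", "carol@example.com"]

if __name__ == "__main__":
    for finding in audit(SP, ASSIGNMENTS, DIRECTORY, SOFTDRIVE_EMAILS):
        print(finding)
```

The "account-not-assigned" check is skipped when a group is assigned, because group membership is not part of the exported data and would produce false findings.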