Internal App Authentication for External Users

  • Question

  • Hi


    We have a requirement to grant access to one of our internally hosted (SAP-based) applications to our customers (not employees or vendors / contractors). We’re a manufacturing company, so the customers can, for example, place orders in that application.


    We obviously do not want to host and manage customer identities (user accounts) in our internal Active Directory. However, we’re open to having that additional identity store hosted somewhere in our DMZ environment (or preferably in Azure AD) and having that DMZ-based (possibly separate) AD forest authenticate against our internal AD forest (say, using federation like ADFS).

    1. Want to know if we can use Azure Active Directory as an identity store and use the Azure Active Directory Application Proxy service to enable customers' access to a web application hosted on-premises (corporate LAN), as stated here: Azure AD Application Proxy --> https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-publish-azure-portal

    2. Will there be an AD trust / federation trust requirement (as the Azure AD where the customer identities and the web application server has no connection)? How can we establish this connection, and will this enable SSO?

    3. Is it more suitable (or the only applicable option) to use Azure AD B2C --> https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview



    Taranjeet Singh


    Thursday, February 1, 2018 1:54 AM

All replies