Azure Proxy solution for On-premise apps

  • Question

  • Would like to know if we can use Azure proxy for on-premise apps which require VPN to access from outside the corporate network? We have Azure AD set up; however, we need to find a solution for accessing on-premise apps which are not SAML enabled and require VPN to access from outside the network.

    Thanks in advance. 


    Alex

    • Moved by Ajay Kadam Wednesday, March 28, 2018 6:28 AM better suited here
    Wednesday, March 28, 2018 5:15 AM

Answers

  • Azure AD proxy will help your users connect to on-premise apps without a VPN, as it uses the Application Proxy connector.

    As shown in the diagram, the App Proxy connector will handle the authentication when a user wants to access the on-premise app from outside of the corporate network.

    1. The user accesses the application through the Application Proxy service and is directed to the Azure AD sign-in page to authenticate.
    2. After a successful sign-in, a token is generated and sent to the client device.
    3. The client sends the token to the Application Proxy service, which retrieves the user principal name (UPN) and security principal name (SPN) from the token, then directs the request to the Application Proxy connector.
    4. If you have configured single sign-on, the connector performs any additional authentication required on behalf of the user.
    5. The connector sends the request to the on-premises application.
    6. The response is sent through Application Proxy service and connector to the user.

    • Proposed as answer by Ajay Kadam Wednesday, March 28, 2018 8:07 AM
    • Marked as answer by Alex_008 Wednesday, March 28, 2018 5:36 PM
    Wednesday, March 28, 2018 8:07 AM
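
The six steps in the answer above, modelled as an added example that is not part of the original post and is not Microsoft's implementation: the proxy service only hands a request to the connector after it has validated a token, which is why the on-premises app is reachable without VPN yet never sees unauthenticated traffic. The HMAC token format, key, host names and function names are constructed stand-ins for the Azure AD-issued token and the real services.

```python
import hashlib
import hmac
import time

# Constructed stand-ins: real deployments use Azure AD-issued tokens, not this HMAC scheme.
SIGNING_KEY = b"constructed-demo-key"
PUBLISHED_APPS = {"hr.example.com": "http://hr-internal/"}  # external host -> internal URL


def _sign(body):
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(upn, ttl=300, now=None):
    """Steps 1-2: after a successful sign-in a signed token goes to the client."""
    exp = int((now or time.time()) + ttl)
    body = f"{upn}|{exp}"
    return f"{body}|{_sign(body)}"


def validate_token(token, now=None):
    """Step 3: the proxy service checks signature and expiry, then extracts the UPN."""
    try:
        upn, exp, sig = token.split("|")
        exp = int(exp)
    except (AttributeError, ValueError):
        return None  # malformed token
    expected = _sign(f"{upn}|{exp}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged or altered token
    if exp < (now or time.time()):
        return None  # expired token
    return upn


def connector_forward(internal_url, upn, path):
    """Steps 4-5: the on-premises connector calls the app on the user's behalf."""
    return {"status": 200, "body": f"{internal_url}{path.lstrip('/')} served for {upn}"}


def proxy_service(host, path, token=None, now=None):
    """Cloud-side entry point: unauthenticated requests never reach the connector."""
    internal_url = PUBLISHED_APPS.get(host)
    if internal_url is None:
        return {"status": 404, "body": "application not published"}
    upn = validate_token(token, now) if token else None
    if upn is None:
        return {"status": 302, "body": "redirect to sign-in"}  # back to step 1
    return connector_forward(internal_url, upn, path)  # step 6: response relayed to the user
```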

All replies

  • You can use Azure AD Application Proxy for publishing your on-premise apps. These on-premises web applications are integrated with Azure AD. End users can access your on-premises applications the same way they access O365 and other SaaS apps integrated with Azure AD. You don't need to change the network infrastructure or require VPN to provide this solution for your users. Refer: How to provide secure remote access to on-premises applications

    • Proposed as answer by Ajay Kadam Wednesday, March 28, 2018 6:29 AM
    Wednesday, March 28, 2018 6:28 AM
  • Thank you for your response. 

    I am confirming because the on-premise apps use VPN now. The reasoning you provided would work because the Azure AD proxy connector is on-premise, which is why it won't require users to access the application via VPN even if they access it from outside the corporate network?

    The solution I am looking for, for my users, is to bypass VPN for on-premise apps even if they access them from outside the office network.


    Alex

    Wednesday, March 28, 2018 6:36 AM