locked
Azure AD Application Proxy RRS feed

  • Question

  • I have a requirement to install Azure AD application Proxy for on-premise applications. I have below questions to clarify:

    1) Do I have to install Azure proxy connector on the Web application server or I can install it on any member server in my corp network? Not sure how proxy connector will connect to the application server if i install it on any member server in the corp network.

    2) Do i have to make any change in the application authentication in the application also? Because it is currently set to AD but after installing and configuring Azure proxy, how application authentication would change automatically? 

    Thank you in advance.


    Kukar

    Tuesday, August 15, 2017 5:51 PM

Answers

  • The app proxy connector can be installed on any machine in your network that has connectivity to your application. When you create your app proxy application in Azure AD you provide an internal URL, this is the URL app proxy uses to connect to your application from the connector.

    If you are currently using windows auth on your app, and you are syncing your AD users up to AAD, then you can setup the pre-auth and single sign on option in App Proxy, and as long as you have delegation and SPNs setup correctly you will be signed in to your app automatically once complete app proxy pre-auth. See here - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-sso-using-kcd


    Sam Cogan Microsoft Azure MVP
    Blog | Twitter

    • Marked as answer by Alex_008 Tuesday, August 15, 2017 10:04 PM
    Tuesday, August 15, 2017 7:05 PM