Entra ID Application Proxy
Once again, it is time to talk about application management in Azure AD. If you haven't read my older post, I would recommend reading that before continuing with this one.
The use & concept
Azure AD Application Proxy lets you publish on-premises applications to the public web. It relies on a connector service that is installed locally and has network access to your web server, so it acts as an app broker. The server hosting this agent is usually placed in the DMZ. A clear advantage is that all traffic and communication runs through Azure rather than directly to your on-prem servers. Authentication runs through Azure AD, and features such as SSO are part of the implementation. An Azure AD Premium Plan 1 license is required for this product.
Add an on-premises application through Application Proxy
After you have installed the connector service, you are ready to add an app to your application library. Add a new application in Azure AD:
Create your own application and select the first option (through App Proxy):
Enter the required information (the rest is optional and up to you):
- Name - the display name of the app
- Internal Url - the address at which the on-prem app is reachable
- External Url - the address under which your app is exposed to the web
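The same publishing step done with Microsoft Graph PowerShell, as an added example that is not from the original post. The display name, URLs and connector group name are placeholders, and the onPremisesPublishing property is only available on the Graph beta endpoint.

```powershell
# Added example (not from the post). Needs the Microsoft.Graph module and an
# account holding Application.ReadWrite.All and Directory.ReadWrite.All.
Connect-MgGraph -Scopes "Application.ReadWrite.All","Directory.ReadWrite.All"

$displayName = "Contoso Timesheets"                          # placeholder name
$internalUrl = "https://timesheets.corp.local/"              # placeholder: what the connector reaches
$externalUrl = "https://timesheets-contoso.msappproxy.net/"  # placeholder: public address

# 1. Register the application and its service principal (the "Enterprise app").
$app = New-MgApplication -DisplayName $displayName
$sp  = New-MgServicePrincipal -AppId $app.AppId

# Require explicit user assignment so the app is not reachable by every tenant user.
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# 2. Publish through Application Proxy. "aadPreAuthentication" forces an Entra ID
#    sign-in before any request is relayed to the internal URL; "passthru" would
#    expose the app without pre-authentication.
$publish = @{
    onPremisesPublishing = @{
        externalUrl                  = $externalUrl
        internalUrl                  = $internalUrl
        externalAuthenticationType   = "aadPreAuthentication"
        isTranslateHostHeaderEnabled = $true
        isHttpOnlyCookieEnabled      = $true
        isSecureCookieEnabled        = $true
    }
}
Invoke-MgGraphRequest -Method PATCH `
    -Uri "https://graph.microsoft.com/beta/applications/$($app.Id)" `
    -Body ($publish | ConvertTo-Json -Depth 5) -ContentType "application/json"

# 3. Bind the app to the connector group whose connectors can reach the internal URL.
$base   = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups"
$groups = Invoke-MgGraphRequest -Method GET -Uri $base
$group  = $groups.value | Where-Object { $_.name -eq "DMZ connectors" }   # placeholder group name
Invoke-MgGraphRequest -Method PUT `
    -Uri "https://graph.microsoft.com/beta/applications/$($app.Id)/connectorGroup/`$ref" `
    -Body (@{ "@odata.id" = "$base/$($group.id)" } | ConvertTo-Json) -ContentType "application/json"

# 4. Read back the publishing settings to confirm pre-authentication is in effect.
Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/beta/applications/$($app.Id)?`$select=displayName,onPremisesPublishing" |
    Select-Object -ExpandProperty onPremisesPublishing
```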
Single sign-on
- SAML - Security Assertion Markup Language protocol integration - the counterpart app also needs to support this
- Password-based - uses a browser extension - not directly SSO, because another password is still involved
- Linked - only a forward link (use cases: ADFS or your own SSO mechanism)
- Windows Integrated Authentication - user impersonation through AD and the Proxy connector - Kerberos delegation
- Header-based - special headers are used for authentication purposes
- Disabled - no SSO, you will probably just get forwarded
My applications
Access myapplications.microsoft.com for a single portal to all applications that are linked to Azure AD (Enterprise apps).
What happens on a sign-in?
See the timeline and additional information on using Azure AD Application Proxy.
Thanks to Pascal for helping me with the concepts.