Authenticate corporate users from Azure SSO

APTOS 221 Reputation points
2022-12-20T11:17:20.177+00:00

Hello ,

We need corporate users to authenticate to an on-premises application. This application is using SAML, but unfortunately our internal SSO doesn't support SAML (AKS).

I have learned that we can do this through Azure Application Proxy, but this solution is for remote (external) users. If I use it for corporate users, for me it's not performant.

Do you have any suggestion, or is it good to use Azure Application Proxy anyway?

Regards

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2022-12-21T09:37:26.917+00:00

    @APTOS

    Thank you for posting your question in Microsoft Q&A.

    Yes, you can utilize Azure AD App Proxy to achieve what you are looking for. You can follow the link below for the steps to configure this:
    https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-configure-single-sign-on-on-premises-apps

    However, as you mentioned, Azure AD Application Proxy is used for users to access the application from an external network (remote). It will perform SAML authentication only if users access the application from the external network. If users access the application from the corporate network, authentication will fail, because, as you mentioned, your internal SSO doesn't support SAML authentication.
    To overcome this situation, you will have to ask users on the internal corporate network to access the application using the external URL that is published in Azure AD App Proxy.

    There is another approach with which you can get AAD to do SAML SSO for your internal application.
    You will have to configure your on-premises application in Azure AD as "create your own application":

    1. Log in to the Azure portal.
    2. Access the Azure Active Directory blade.
    3. Click on Enterprise applications.
    4. Click New application and then click on "Create your own application".
    5. Select the option "Integrate any other application you don't find in the gallery (Non-gallery)".
    6. After creating the application, you can access the Single sign-on blade and configure the SAML settings.

    By configuring the application this way, you can utilize AAD for SAML authentication, and after authentication AAD can pass the SAML token to the application directly.

    Do let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
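    The six portal steps in the accepted answer, done with the Microsoft Graph PowerShell SDK instead, as an added example (not code from the thread). It assumes the Microsoft.Graph.Applications module is installed, the caller holds Application.ReadWrite.All, the template ID is the one Microsoft documents for the non-gallery "create your own application" template, and the hostnames and display names are placeholders.

```powershell
# Added example, not from the thread. Assumes Microsoft.Graph.Applications is
# installed and the signed-in account has Application.ReadWrite.All.
Connect-MgGraph -Scopes "Application.ReadWrite.All"

# Template ID Microsoft documents for the non-gallery "create your own
# application" template (answer step 5). Assumption: verify against the
# applicationTemplates endpoint in your own tenant before relying on it.
$templateId = "8adf8e6e-67b2-4cf2-a259-e3dc5476c621"

# Steps 3-5: instantiate the template. One call creates both the application
# object and its service principal (the "enterprise application").
$inst = Invoke-MgInstantiateApplicationTemplate `
    -ApplicationTemplateId $templateId `
    -DisplayName "Internal SAML app (placeholder)"
$appId = $inst.Application.Id
$spId  = $inst.ServicePrincipal.Id

# Step 6: switch the enterprise app's single sign-on mode to SAML.
Update-MgServicePrincipal -ServicePrincipalId $spId -PreferredSingleSignOnMode "saml"

# Step 6 (cont.): identifier (Entity ID) and reply URL (ACS). These must match
# exactly what the on-premises application expects; placeholder hostnames here.
Update-MgApplication -ApplicationId $appId `
    -IdentifierUris @("https://app.internal.example/saml") `
    -Web @{ RedirectUris = @("https://app.internal.example/saml/acs") }

# Certificate Azure AD will use to sign assertions. The application must be
# given its public part (via federation metadata) to validate responses.
$cert = Add-MgServicePrincipalTokenSigningCertificate `
    -ServicePrincipalId $spId `
    -DisplayName "CN=Internal SAML app signing" `
    -EndDateTime (Get-Date).AddYears(2)

# Read back what was configured so the SSO mode and certificate lifetime
# can be checked before users are pointed at the application.
$sp = Get-MgServicePrincipal -ServicePrincipalId $spId `
    -Property "appId,preferredSingleSignOnMode"
[pscustomobject]@{
    AppId       = $sp.AppId
    SsoMode     = $sp.PreferredSingleSignOnMode
    Thumbprint  = $cert.Thumbprint
    CertExpires = $cert.EndDateTime
}
```

    Assigning users or groups to the service principal is still required before anyone can sign in; that step is not shown here.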


1 additional answer

  1. Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator
    2022-12-20T11:51:33.267+00:00

    Hi @APTOS

    Thank you for asking this question on the **Microsoft Q&A Platform.**

    Definitely, Azure AD Application Proxy can help you with your situation.

    Here is the documentation for the configuration of SAML single sign-on for on-premises applications with Application Proxy.

    Hope this helps!

    ----------

    Accept the answer and upvote if any of the above helped; this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

