What Authentication solution would you suggest in this scenario?

Paul Berta 0 Reputation points
2024-03-26T08:40:03.6+00:00

Context:

We are migrating from Azure App Gateway V1 to Azure App Gateway V2 for load balancing. For authentication purposes, we used NTLM, which AG V2 does not support. Now I am trying to find an alternative.

Ideally, I want the authentications to happen at the gateway level so every client that reaches our internal network is authenticated. I was looking into Microsoft Entra ID but am unsure if it is the best solution.

What would you suggest (I am open to non-Azure solutions as well)? What would that setup look like if I were to use Microsoft Entra ID?


2 answers

  1. Q&A Assist
    2024-03-26T08:40:03.62+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    For your scenario, Microsoft Entra ID could be a good solution for authentication purposes. It supports modern authentication protocols and provides identity and access management in Azure, covering the management plane of Azure and integrating with the data planes of most Azure services. Microsoft Entra ID natively supports modern protocols such as SAML, WS-Fed, and OpenID Connect, and can also support legacy authentication methods through independent software vendors (ISVs) solutions.

    If you were to use Microsoft Entra ID, the setup would involve configuring your Azure App Gateway V2 to use Microsoft Entra ID for authentication. You would need to configure the appropriate authentication method, such as Microsoft Entra password hash synchronization or pass-through authentication, depending on your requirements. You can also use Microsoft Entra Conditional Access to dynamically control or block access to your applications based on risk conditions.



  2. KapilAnanth-MSFT 35,001 Reputation points Microsoft Employee
    2024-03-28T09:10:58.4466667+00:00

    @Paul Berta ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know about the Authentication methods available.

    Azure Application Gateway is designed to be a Layer 7 Reverse Proxy.

    As you noted, this resource is not designed for authentication out of the box.

    So, "authentications to happen at the gateway level" is not correct.

    Hence, you should have an authentication mechanism at the backend of the App Gateway.

    More details wrt Entra Authentication can be found here

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil


    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.