Managed Identity preauth Application Proxy

Juraj Ban 0 Reputation points
2024-06-11T12:43:28.0566667+00:00

How do I configure an Enterprise Application with Application Proxy to an on-premises resource where the only PreAuth account will be a Managed Identity?

When adding users/groups I cannot select/find Managed Identity to give permission for PreAuth.

Basically,

An Azure Function should use a Managed Identity to PreAuth to Application Proxy and retrieve some data over an API from an on-premises resource.

If that is not possible, what is the recommended way?

Microsoft Entra ID

1 answer

  1. Navya 6,535 Reputation points Microsoft Vendor
    2024-06-13T11:51:00.5+00:00

    Hi @Juraj Ban

    Thank you for posting this in Microsoft Q&A.

    I understand that you are facing issues while adding users/groups you cannot select/find Managed Identity to give permission for PreAuth.

    Adding the MSI (essentially a service principal) to the Users and groups of an enterprise application is different from adding a user/group; you need to leverage the Azure AD app role.

    Please follow the steps below.

    1. Navigate to Microsoft Entra admin center in the portal -> App registrations -> search for your app name with the filter All applications -> click it -> App roles -> Create app role -> create the role like below -> Apply.


    2. Use the PowerShell below:

    # Backticks continue the command across lines; all four variables must be set beforehand.
    New-MgServicePrincipalAppRoleAssignment `
        -ServicePrincipalId $serverServicePrincipalObjectId `
        -PrincipalId $managedIdentityObjectId `
        -ResourceId $serverServicePrincipalObjectId `
        -AppRoleId $appRoleId
    

    After doing the steps above, navigate to the Users and groups, you will find the MSI is added to it.

    For more information: Assign a managed identity access to Enterprise application

    Hope this helps. Do let us know if you have any further queries. If you are encountering any issues, please post back by responding in the comments section.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

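The lookup and assignment from step 2 of the answer, as an added PowerShell example that is not part of the original answer: it resolves the IDs the answer's command expects, checks that the app role can be held by an application, and skips the call when the assignment already exists. The two display names and the role value are placeholders to fill in, and the Microsoft Graph PowerShell module is assumed to be installed.

```powershell
#Requires -Modules Microsoft.Graph.Applications
# Added example. The three values below are placeholders, not values from the thread.
$appProxyAppName     = '<app-proxy-enterprise-app-name>'
$managedIdentityName = '<function-app-or-user-assigned-identity-name>'
$appRoleValue        = '<value-of-the-app-role-created-in-step-1>'

Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

# Display names are not unique in a tenant, so refuse to guess between matches.
function Get-SingleServicePrincipal([string]$DisplayName) {
    $found = @(Get-MgServicePrincipal -Filter "displayName eq '$DisplayName'")
    if ($found.Count -ne 1) {
        throw "Expected one service principal named '$DisplayName', found $($found.Count)."
    }
    $found[0]
}

$serverSp = Get-SingleServicePrincipal $appProxyAppName      # the App Proxy enterprise app
$msiSp    = Get-SingleServicePrincipal $managedIdentityName  # the managed identity
if ($msiSp.ServicePrincipalType -ne 'ManagedIdentity') {
    throw "'$managedIdentityName' is a $($msiSp.ServicePrincipalType), not a managed identity."
}

# The role must be enabled and allow applications as members.
$role = $serverSp.AppRoles | Where-Object { $_.Value -eq $appRoleValue -and $_.IsEnabled }
if (-not $role) { throw "No enabled app role with value '$appRoleValue' on '$appProxyAppName'." }
if ($role.AllowedMemberTypes -notcontains 'Application') {
    throw "App role '$appRoleValue' does not list 'Application' in its allowed member types."
}

# With 'Assignment required' off, access is not limited to assigned principals.
if (-not $serverSp.AppRoleAssignmentRequired) {
    Write-Warning "'Assignment required' is off on '$appProxyAppName'."
}

# Create the assignment only if it is not already there.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $serverSp.Id -All |
    Where-Object { $_.PrincipalId -eq $msiSp.Id -and $_.AppRoleId -eq $role.Id }
if ($existing) {
    Write-Output "Already assigned (assignment id $($existing.Id))."
} else {
    New-MgServicePrincipalAppRoleAssignment `
        -ServicePrincipalId $serverSp.Id `
        -PrincipalId $msiSp.Id `
        -ResourceId $serverSp.Id `
        -AppRoleId $role.Id
}
```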