Share via

Password Management For Legacy Desktop Application

Christian Capellan 2 Reputation points
2020-12-08T15:18:14.48+00:00

I have a requirement to secure access to a 3rd party Windows 10 application that is installed on our laptops and does not support any type of SSO. It authenticates the users with a username/password form that makes a call to their API for authentication. We want to hide the password from the employees so that they cannot install the app on personal devices, and thus only access the app on approved devices.

My first attempt was to try and use Azure AD Password-based SSO, but we quickly learned it only supports web-based applications since it uses a browser extension to log the user in.

I then went to see if we can use a password management solution like LastPass, but their Windows client does not hide the password from the user.

How can we implement either SSO with Azure AD or Password Management for this use-case?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Manoj Reddy 411 Reputation points Microsoft Employee
    2020-12-11T00:08:30.027+00:00

    I do not think this requirement can be met with Azure AD. Azure AD issues tokens for users within Azure AD for applications integrated with Azure AD. If the application is dependent directly on the username and password coming from the native app, Azure AD cannot act as the IDP.

    If you can figure out a way to integrate the app with Azure AD, then you can use CA policies to prevent the users from installing this on their personal devices.

    I know this is will not help you much but this use case is not feasible with Azure AD.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.