Azure AD Application Proxy connector for Application in Linux server

Nafila Afrin 111 Reputation points
2021-10-10T12:07:47.277+00:00

hi,

I want to use Azure MFA for the application which resides in Linux server. But the application proxy connector can be only installed in Windows server. How can i use application proxy in this situation.

Thanks in advance.

Regards,
Nafila

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes

1 answer

Sort by: Most helpful
  1. Siva-kumar-selvaraj 15,721 Reputation points
    2021-10-11T08:36:58.613+00:00

    @Nafila Afrin

    Hello Nafila,

    Thanks for reaching out.

    Yes, Azure AD application proxy connector is a lightweight agent that runs only on a Windows Server (2012 R2 or higher version) but you can publish web applications running on servers other than Windows Server as long as AAD proxy connector machine has network connectivity with Non-windows application server (Like: Linux).

    This setup to work, you need to have windows server which is connected to same network as backend application server and installed AD application proxy connector on windows server, then you should be able to publish it through Azure AD proxy.

    However, you might not be able to use Windows Integrated authentication along with pre-authentication for a non-Windows Server, depending on if the web server supports Negotiate (Kerberos authentication).

    Flow would be:
    139360-image.png

    FAQ: https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-faq#can-only-iis-based-applications-be-published--what-about-web-applications-running-on-non-windows-web-servers--does-the-connector-have-to-be-installed-on-a-server-with-iis-installed-

    Remote access to on-premises applications through Azure AD Application Proxy: https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy

    If your backend application does support Kerberos Constrained Delegation (KCD) and you would like to enable Windows Integrated Authentication to experience SSO as shown below then make sure App proxy connector is domain joined and SPNEGO enabled on each App proxy connectors. Hope this helps.

    139423-image.png

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.