
Azure AD Proxy Setup Guide

1. Azure AD Application Proxy allows on-premises applications to be accessed securely via Azure AD without major infrastructure changes. 2. It works by generating a public URL for the on-premises app, authenticating users via Azure AD, forwarding requests to the on-premises application proxy connector, which obtains a Kerberos ticket to authenticate to the web app on the user's behalf. 3. Setting it up requires an Azure AD subscription, directory sync between on-premises AD and Azure AD, installing the application proxy connector on the web app server, and publishing the application.

Uploaded by

Rajaprabu S
  • Overview: Provides an introduction to Azure AD Application Proxy, emphasizing its integration capabilities with on-premises applications.
  • How it Works: Explains the operational flow of the Azure AD Application Proxy, detailing the role of each component in the architecture.
  • Prerequisites: Lists the necessary requirements for deploying Azure AD Application Proxy, including subscriptions and server setups.
  • Demo Setup: Describes the environment setup for a demo of the Azure AD Application Proxy, highlighting the use of Azure AD Premium and Active Directory 2016.
  • Enable Azure AD Proxy: Details the steps to enable the Azure AD proxy connector, preparing for further installation and configuration.
  • Install Application Connector: Outlines the process of installing the application connector on the server, with specific instructions for downloading and executing the installer.
  • Publish Application: Provides the steps required to publish an application in Azure AD, including navigating the portal and setting configuration data.
  • Testing: Designates an area presumably for testing procedures, though the page currently lacks content.

Azure AD Application Proxy - Configuration

Azure AD Application Proxy
• Azure Active Directory Application Proxy can integrate on-premises applications with Azure Active Directory and provide secure access with minimal changes to the existing infrastructure.
How it works?
1. The user accesses the published URL for the application from the internet. Azure generates this public URL for the on-premises app, and it looks similar to the URL of an application hosted in Azure.
2. The user is redirected to the login page and is authenticated by Azure AD.
3. After successful authentication, Azure AD generates a token and sends it to the user.
4. The request is forwarded to Azure AD Application Proxy, which extracts the user principal name (UPN) and security principal name (SPN) from the token.
5. The request is forwarded to the Application Proxy connector, which is hosted on-premises. It acts as a broker service between the Application Proxy module and the web application.
6. The Application Proxy connector requests a Kerberos ticket that it can use to authenticate to the web application on behalf of the user.
7. The on-premises AD issues the Kerberos ticket.
8. The Kerberos ticket is used to authenticate to the web app.
9. After successful authentication, the web app sends its response to the Application Proxy connector.
10. The Application Proxy connector sends the response to the user, who can then view the web application content.
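
Steps 6 to 8 only work if the connector's computer account is allowed to request Kerberos tickets on the user's behalf, and that permission should be limited to the published web app. The following audit is an added example, not part of the original slides; it uses the ActiveDirectory PowerShell module to confirm that delegation is constrained to the expected SPN. The host name `APPSRV01` and the SPN `HTTP/app.contoso.local` are hypothetical placeholders.

```powershell
# Added example: audit Kerberos delegation on the Application Proxy connector host.
# Assumptions (not from the slides): host APPSRV01, expected SPN HTTP/app.contoso.local.
Import-Module ActiveDirectory

function Test-ConnectorDelegation {
    param(
        [Parameter(Mandatory)] [string]   $ConnectorHost,
        [Parameter(Mandatory)] [string[]] $ExpectedSpns
    )

    $props    = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'
    $computer = Get-ADComputer -Identity $ConnectorHost -Properties $props

    # Normalise to an array and drop empty values when nothing is configured.
    $allowed  = @($computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
    $findings = @()

    # Unconstrained delegation lets the host act as the user toward any service.
    if ($computer.TrustedForDelegation) {
        $findings += 'Unconstrained delegation is enabled; restrict it to specific SPNs.'
    }
    # The user signs in with an Azure AD token, not Kerberos, so the connector
    # needs protocol transition ("use any authentication protocol") to get a ticket.
    if (-not $computer.TrustedToAuthForDelegation) {
        $findings += 'Protocol transition is not enabled for this computer account.'
    }
    foreach ($spn in $ExpectedSpns) {
        if ($allowed -notcontains $spn) { $findings += "Missing delegation target: $spn" }
    }
    foreach ($spn in $allowed) {
        if ($ExpectedSpns -notcontains $spn) { $findings += "Unexpected delegation target: $spn" }
    }

    [pscustomobject]@{
        ConnectorHost = $computer.Name
        AllowedSpns   = $allowed
        Findings      = $findings
        Compliant     = ($findings.Count -eq 0)
    }
}

Test-ConnectorDelegation -ConnectorHost 'APPSRV01' -ExpectedSpns 'HTTP/app.contoso.local'
```

An empty `Findings` list means the connector can obtain tickets only for the listed SPN; any "Unexpected delegation target" entry is a service the connector could reach as the user and should be reviewed.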
Prerequisites
• Azure AD Basic or Premium Subscription
• Healthy Directory Sync with on-premises AD
• Server to install the Azure Application Proxy connector on (the same server that hosts the web application)
• Supported web application (type of applications are supported)
Demo Setup

In the demo environment:
• Azure AD Premium Subscription
• Active Directory 2016 on-premises setup
• Web application running on IIS
Enable Azure AD proxy
Before installing the Application Proxy connector, enable Application Proxy.
• Log in to Azure as Global Administrator.
• Open Azure Active Directory.
• In the next window, click Application proxy.
• In the next window, click Enable Application Proxy. A prompt explains the feature; click Yes to enable it.
Install Application Connector
Install the connector on the same server as the application.
• Log in to Azure as Global Administrator.
• Go to Azure Active Directory | Application Proxy.
• In the window, click Download connector.
• You are redirected to a page where you can download the connector. After accepting the terms, click Download.
• Once the file is downloaded, double-click AADApplicationProxyConnectorInstaller.exe to start the connector installation.
• A wizard opens. Agree to the license terms and click Install to proceed.
• During the installation, it asks for Azure login details. Provide an account that has Azure global admin privileges.
• After the login details are validated, setup continues. Once it completes, we are ready to publish the application.
Publish Application
The remaining configuration step is to publish the application.
• Log in to Azure as Global Administrator.
• Go to Azure Active Directory | Enterprise Applications.
• In the next window, click New Application.
• On the categories page, click All and then click On-premises application.
• A new window opens where we can provide the configuration data for the application.
• Once the application is published, we can see it under Enterprise Applications.
Testing
