Blog Post

Microsoft Teams Blog
2 MIN READ

Access Your On-Premises Applications Directly in Teams

Harshini Jayaram's avatar
Apr 26, 2017

We have created a way for you to access your on-premises applications in your channel through pinned tabs. This can include your SharePoint sites or other business applications.

 

This flow is made possible using the Azure Active Directory Application Proxy. Many customers currently use Application Proxy to provide single sign-on (SSO) and secure remote access for web applications hosted on-premises. These flows don’t use a DMZ or VPN – all traffic goes through a light-weight agent on-premises that only uses outbound connections. You can learn more about the Application Proxy flow in our documentation.

 

Below are the steps for adding these applications to your channel. Please note that Application Proxy does require an Azure Active Directory License, and many O365 customers already have Azure Active Directory Premium. Learn more.

 

Step 1: Configure Application Proxy

The connection to the on-premises applications is made through a light-weight on-premises component, the “connector”. To configure Application Proxy, you need to install a connector on-premises. Instructions on doing so can be found here.

 

Step 2: Add an Application Proxy Application

Once you’ve enabled the connection to your on-premises network, you need to publish the application with the external URL that you will use to pin the application to your channel. The steps for publishing an application can be found here. Before continuing to step 3, please confirm that the external URL you published is working as expected.

 

Step 3: Pin the Application to your Channel

Finally, you can pin the application to your channel. To do so:

  1. Navigate to the channel where you want to add this tab. Click the “Add Tab” button.
  2. Select “Website” from the tab options.
  3. Name this tab. For the URL, enter the “External URL” you chose when publishing the application in Step #2.

 

You can now use the tab to access the application directly from your channel!

 

 

Learn More

If you’d like to learn more about Application Proxy or have any questions on this scenario, you can reach out to the team at aadapfeedback@microsoft.com. You can also always leave your questions and comments here on this blog as well!

 

 

About the Author

Harshini Jayaram

Azure Active Directory

 

Harshini Jayaram is a program manager on the Azure Identity team focused on Application Proxy. She joined Microsoft after graduating from MIT with a double major in computer science and management science. Prior to her current role she was on the Distribution and Services Platform (DSP) team, the team responsible for Windows Update among other services. In her time there, Harshini owned all DSP telemetry from client instrumentation and infrastructure through reporting and access, including for the Windows 10 and Anniversary Update launches.

Updated Jan 26, 2021
Version 3.0
  • I've got the same problem. Our internal SharePoint uses a link such as http://teamsharepoint/subsite/listname -- and I can't make that show in TEAMS because it's not HTTPS (and it never will be).   Is there any alternative to turn off this requirement?

  • Interesting. Is the VPN aspect why it is restricted to only https sites? Many internal tools teams may use could be a simple http served site which this currently does not allow. 

  • Deleted - The sites being published can be either http or https sites. The https restriction is only for the external, outward facing URL. This is to make sure we have the secured channel for authentication from the user to the Application Proxy service. This external https page will work with both http and https internal sites. If your internal site uses both http and https itself, that is also supported but requires a bit of additional configuration that I'm happy to share if relevant. 

  • There's no exernal proxy URL for this site, it's only available inside our network's internal DNS (similar ot "http://teamsharepoint/subsite/listname").  The site can't be accessed from outside our network.

  • Deleted - You can publish Sharepoint with an external Application Proxy URL that is https, even if the internal site is http. So in teams you are still using an https page (the external Application Proxy URL) and this should work. Please let me know if that is not resolving the problem.

  • The solution described in this post is specifically a way to pin websites that you publish through Application Proxy, which gives a secure way for those applications to be accessed outside your network by remote users. By using this flow as described above, you would be able to pin HTTP sites. 

    Suphatra Rufo, do you have any information about turning off the HTTPS requirement otherwise/in other scenarios?

  • Hi ! I would like to add our on premise client app like Dynamics NAV on Teams. Is there any solution ?


     

  • Harold Stewart's avatar
    Harold Stewart
    Copper Contributor

    I have been using "Website Tabs" to access a number of external resources.  I have even created a tab for quick access back to to MS Team Blog site.  However I noticed some navigation limitations, such as trying to return to the previous page and some links don't work.  Anyone else experiencing navigation?  Any suggested workarounds?

  • Doomboss's avatar
    Doomboss
    Copper Contributor

    I have a similar issue with my company. Regarding data security and data protection policies, I prefer to use a cloud system which is hosted by our company ourselves. One of which could be Sharepoint on premise. Or Owncloud.

     

    You can now use the tab to access the application directly from your channel!

     


     So, this appears to be an app, but in real it's a website, right?

    Thanks in advance for further clearance.

     

  • Ebilian's avatar
    Ebilian
    Copper Contributor

    Hi Harshini,

    Thank you for sharing this is quite valuable. I have an in house .net application  that is already in use,can you walk me through the process of embedding it into Teams as an app where user would not need to log in afresh before accessing it?Thank you