Forum Discussion
Tayyab Suhail
Jan 29, 2019 · Copper Contributor
Ping Access with Azure AD
Hi All, I am using OpenIdConnect for authentication and authorization with Azure AD in my application. The application is deployed on Azure VM accessible through VPN and to make it available for...
Alexey Goncharov
Feb 03, 2019 · Iron Contributor
Tayyab Suhail Let's make it clear: OpenID Connect is the authentication layer of OAuth 2.0, i.e. authorization is being managed through Azure AD OAuth. In order to enable VPN-less access to your application you don't need Ping, as Azure AD and Azure Application Proxy allow VPN-less access to any application, whether those apps are hosted on premises or in the cloud. Here are step-by-step instructions on how to do that for an on-prem application: https://www.youtube.com/watch?v=_2kWq5H4NhY
Tayyab Suhail
Feb 04, 2019 · Copper Contributor
Hi Alexey,
Thanks for your response and for sharing the YouTube link. Yes, our authorization server is Azure AD and we are using OpenIdConnect for authentication. I do agree with you that we can achieve VPN-less access without Ping Access, but achieving it through Ping Access is our client organization's process. I am planning to present possible solutions without Ping Access to the client, but in case they still use Ping Access I will have to change the implementation of my application, because currently my application's authorization server is Azure AD and we are using the OAuth authorization code grant flow and OpenIDConnect for authentication. Once we receive the authorization code from Azure AD, we request the access tokens from Azure AD for our different O365 applications (SharePoint, Graph etc.) registered in Azure AD.
After integration with Ping Access, my understanding is that we will receive the required tokens (authorization code & app tokens) from PingFederate for our different applications. Is my understanding correct?
- Alexey Goncharov · Feb 07, 2019 · Iron Contributor
  If the authorization point for your Apps/SaaS is Ping, and AAD is simply a federated IdP, then Ping is the one that is supposed to issue access tokens to your clients.
- Tayyab Suhail · Feb 08, 2019 · Copper Contributor
  Thanks :)