App Proxy and Enterprise App SAML auth on-premises app


Hi all,

Trying to get my head around a scenario and how it should work or the direction that should be taken.

We (a customer) have a custom internal app that is being set to use Azure AD for SAML-based auth. This app also needs to be made accessible externally.

Should the app have its own app registration/enterprise app and the app proxy function be a separate entity in Azure AD or should it all be a single Enterprise app with app proxy/SAML etc all together?

I figure for future flexibility separating the app auth from the app proxy would be good, but then I can't think how we would actually do the app proxy SSO configuration.

Doing it as a single all-in-one I seem to run into some SAML issues (reply URL based) that will be down to the app configuration when accessed through app proxy.

The Azure AD auth would be the authentication method internally and externally for the app.
