Today, I'm excited to announce the general availability of SAML-based single sign-on (SSO) support for your on-premises apps using Application Proxy. Hundreds of customers have used this integration to connect their custom Line of Business apps with Azure Active Directory (Azure AD) and to integrate popular on-premises applications like Tableau, Qlik, and more.
Connecting all your apps to Azure AD is a critical step in making identity your control plane. In case you missed it, we put together guidance and tools to help you discover your applications and connect them to Azure AD.
Since your on-premises applications use a variety of authentication protocols, we expanded the number of authentication options we support with Azure AD Application Proxy. When you connect your on-premises applications through Azure AD Application Proxy, they benefit from all the work we’ve done in Azure AD to secure your applications with Identity Protection, Multi-Factor Authentication (MFA), and Conditional Access.
One of the biggest requests we received over the past several months is support for applications running on-premises or in your private network that use SAML to authenticate against Azure AD.
Read on to learn how it works and how to get started right away!
Using SAML SSO with Azure AD Application Proxy works in two main parts:
After configuring SAML SSO with Application Proxy, you can take advantage of modern Azure AD security and governance features such as MFA, Conditional Access, Identity Protection, Delegated Application Access, Access Reviews, and many more. Users also have a seamless remote access and SSO experience on any device, anywhere.
If you’re new to Application Proxy and want to learn more about its secure remote access benefits and how it can help you extend Azure AD to your on-premises environment, read our whitepaper. You'll learn about how to build a remote access strategy based on identity and how to bring the power of Azure AD to your on-premises applications.
You can get started today by visiting the Azure AD portal and creating a new application or updating an existing Application Proxy app to use SAML for SSO. First, make sure you have Application Proxy enabled and a connector installed in your on-premises environment before setting up your application. To learn more about how to enable Application Proxy, see our tutorial.
Starting with a new application
If you’re starting with a new application, we recommend that you:
Updating an existing application
If you’re updating an existing application already published through Application Proxy, follow the steps to configure SAML-based SSO outlined in SAML-based single sign-on. Next, make sure that your Reply URL configuration corresponds to the Application Proxy External URL or is a sub path of it.
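A pre-deployment check for the Reply URL rule above, as an added example that is not part of the original post or of Microsoft's tooling: it tests whether a Reply URL equals the External URL or is a sub path of it, comparing origins exactly and paths on segment boundaries. The function name and the sample URLs are hypothetical, and refusing dot segments is a conservative assumption.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(parts):
    """Return (scheme, host, port) with case and default ports normalized."""
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def reply_url_matches_external(reply_url, external_url):
    """True if reply_url equals external_url or is a sub path of it."""
    reply, external = urlsplit(reply_url), urlsplit(external_url)
    # Scheme, host and port must all match; a look-alike host must not pass.
    if not external.hostname or _origin(reply) != _origin(external):
        return False
    # Conservative choice (assumption): refuse literal dot segments
    # instead of resolving them.
    if any(seg in (".", "..") for seg in reply.path.split("/")):
        return False
    # Compare on a "/" boundary so /portal does not match /portal-admin.
    base = external.path.rstrip("/") + "/"
    candidate = reply.path.rstrip("/") + "/"
    return candidate.startswith(base)


# Constructed sample values, not taken from the post.
EXTERNAL = "https://hr.contoso.example/portal/"
SAMPLES = [
    "https://hr.contoso.example/portal/",
    "https://HR.contoso.example:443/portal/saml/acs",
    "https://hr.contoso.example/portal-admin/acs",
    "https://hr.contoso.example.other.test/portal/acs",
    "http://hr.contoso.example/portal/acs",
    "https://hr.contoso.example/portal/../admin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "ok" if reply_url_matches_external(url, EXTERNAL) else "MISMATCH"
        print(f"{verdict:8} {url}")
```
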
For a full step-by-step guide and best practices on how to configure SAML-based SSO for your on-premises applications using Azure AD Application Proxy, see our complete documentation.
As always, we’d love to hear any feedback or suggestions you may have. Please let us know what you think in the comments below or on the Azure AD feedback forum.
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division