Azure Application Proxy - B2B Users, No SSO

%3CLINGO-SUB%20id%3D%22lingo-sub-2375911%22%20slang%3D%22en-US%22%3EAzure%20Application%20Proxy%20-%20B2B%20Users%2C%20No%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2375911%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EWe%20have%20an%20onsite%20website.%20We%20have%20a%20requirement%20to%20allow%20some%20external%20people%20access%20the%20site.%26nbsp%3BI%20was%20thinking%20of%20using%20Azure%20Application%20Proxy%2C%20which%20we've%20used%20to%20great%20success%20with%20internal%20users.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20while%20I%20think%20the%20website%20supports%20SAML%2C%20my%20understanding%20is%20that%20when%20the%20users%20log%20on%2C%20they%20will%20be%20required%20to%20enter%20a%20username%20and%20password%20on%20the%20website%20anyway%2C%20so%20no%20SSO.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20been%20reading%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fexternal-identities%2Fhybrid-cloud-to-on-premises%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fexternal-identities%2Fhybrid-cloud-to-on-premises%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebut%20I'm%20confused%20if%20we%20have%20to%20create%20a%20shadow%20account%20on%20our%20onsite%20AD%20if%20they%20won't%20be%20using%20SSO%3F%20I.e.%2C%20will%20AAP%20authenticate%20their%20guest%20account%20to%20the%20point%20they%20can%20see%20the%20web%20page%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2375911%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Application%20Proxy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EB2B%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Regular Contributor

Hi all,


We have an onsite website. We have a requirement to allow some external people access the site. I was thinking of using Azure Application Proxy, which we've used to great success with internal users. 

 

However, while I think the website supports SAML, my understanding is that when the users log on, they will be required to enter a username and password on the website anyway, so no SSO.

 

I've been reading https://docs.microsoft.com/en-us/azure/active-directory/external-identities/hybrid-cloud-to-on-premi...

 

but I'm confused if we have to create a shadow account on our onsite AD if they won't be using SSO? I.e., will AAP authenticate their guest account to the point they can see the web page?

 

 

0 Replies