May 16 2018 11:27 PM - last edited on Jan 14 2022 04:47 PM by TechCommunityAP
I know that it is possible to use Azure Application Proxy to do something like this.
But if we have ADFS / WAP (2016), can we do this too? And what is the process?
Do we have to back-sync the guest user accounts, or is it the same as with the Azure App Proxy, by using MIM or PowerShell?
Do we have to set up anything on the ADFS server?
How is the experience for the end user? They get redirected from the web app to the ADFS login, then put in their UPN, but what about the password?
May 31 2018 12:33 PM
Solution
Hello Sven,
Yes, it is possible.
You need to add Azure Active Directory as a claims provider on ADFS, and ADFS as an application in Azure AD.
Check this, it might help:
https://www.youtube.com/watch?v=VIT6oL3Zhzg&t=12s
Regards,
Rishabh
Dec 06 2018 06:38 AM
Hi Rishabh,
thanks for the video. I could set up the claims provider with this.
I have one issue left. The guest user account from the Azure AD gets some weird Name ID claim from Azure AD. I hoped I would get some UPN or the logon name as the Name ID.
This is the NameID I get:
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Qx7A-cgVG3o-D7qWLKKSjlrjijskdfjlKJSLKJJSLKJFw</NameID>
I can work around the issue by transforming the Email claim into the Name ID for the target application. But I would like to understand what Azure AD sends. I used Get-AzureADUser, but it isn't the ObjectId or any other attribute I see on the user account.
Regards,
Sven
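The workaround Sven describes (issuing the e-mail claim received from the Azure AD claims provider trust as the NameID for the target application), written out as an added PowerShell example that is not from this thread. It assumes the claims provider trust is named "Azure AD", the relying party trust is named "Internal Web App", and that Azure AD delivers the mail attribute under the standard emailaddress claim type; adjust these to your environment.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell
# session on an ADFS 2016 server. Trust names below are assumptions.

$emailClaim  = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$nameIdClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
$formatProp  = "http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"
$emailFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# 1) Claims provider trust: accept the e-mail claim coming from Azure AD so it
#    is available in the claims pipeline for the relying party rules.
#    Note: -AcceptanceTransformRules replaces ALL existing acceptance rules on
#    the trust, so read and keep the current rules if you already have some.
$acceptRules = @"
@RuleName = "Pass through e-mail from Azure AD"
c:[Type == "$emailClaim"]
 => issue(claim = c);
"@
Set-AdfsClaimsProviderTrust -TargetName "Azure AD" -AcceptanceTransformRules $acceptRules

# 2) Relying party trust: build the NameID from the e-mail claim, in the
#    emailAddress format, instead of forwarding the opaque "unspecified"
#    NameID that Azure AD sends for guest users.
#    Same caveat: -IssuanceTransformRules replaces the existing issuance rules.
$issueRules = @"
@RuleName = "E-mail as NameID"
c:[Type == "$emailClaim"]
 => issue(Type = "$nameIdClaim", Issuer = c.Issuer,
          OriginalIssuer = c.OriginalIssuer, Value = c.Value,
          ValueType = c.ValueType,
          Properties["$formatProp"] = "$emailFormat");
"@
Set-AdfsRelyingPartyTrust -TargetName "Internal Web App" -IssuanceTransformRules $issueRules

# Review what the server will now issue before testing with a real guest user.
(Get-AdfsClaimsProviderTrust -Name "Azure AD").AcceptanceTransformRules
(Get-AdfsRelyingPartyTrust -Name "Internal Web App").IssuanceTransformRules
```

Because this ties the application identity to the e-mail value rather than an immutable identifier, confirm with the application owner that a changed or re-used mailbox address cannot map a different person onto an existing account.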