May 16 2018
- last edited on
Jul 27 2020
I know that it is possible to use Azure Application Proxy to do something like this.
But if we have ADFS / WAP (2016), can we do this too? And how is the process?
Do we have to back sync the guest user accounts or is it the same as with the Azure App Proxy by using MIM or Powershell?
Do we have to setup anything on the ADFS Server?
How is the experience for the end user? They get redirected from the webapp to the ADFS Login, then put in their UPN, but what is with the password?
May 31 2018 12:33 PMSolution
Yes it is possible.
You need to add Azure Active directory as a claim provider on ADFS, and ADFS as an application in AzureAD.
Check this it might help :-
Dec 06 2018 06:38 AM
thanks for the video. I could setup the claims provider with this.
I have one issue left. The guest user account from the azure ad get some weird Name ID Claim from Azure AD. I hoped I get some UPN or the logon name as the Name ID.
This is the NameID I get
I can go around the issue by transforming the Email Claim as the Name ID for the target application. But I like to understand what AzureAD sends? I used the Get-AzureADUser but it isn't the ObjectId or any other Attribute I see on the User Account.