App Proxy and Enterprise App SAML auth on-premises app

Iron Contributor

Hi all,


Trying to get my head around a scenario and how it should work or the direction that should be taken.

We (a customer) has a custom internal app that is being set to use Azure AD for SAML based auth. This app also need to be made accessible externally.


Should the app have its own app registration/enterprise app and the app proxy function be a separate entity in Azure AD or should it all be a single Enterprise app with app proxy/SAML etc all together?


I figure for future flexibility separating the app auth from the app proxy would be good, but then I can't think how we would actually do the app proxy SSO configuration.


doing it as a single all-in-one I seem to run into some SAML issues (reply URL based) that will be down to the app configuration when accessed through app proxy.


The azure AD auth would be the authentication method internally and externally for the app.

1 Reply
Here is my understanding
- App code is hosted on server which is internal
- App is already registered with AAD as SAML App
- Requirement is to make it accessible from external location, possible options:-
- host the code in Azure WebApp
- Use App Proxy with PassThrough authentication(since app is handling SAML authentication, you need not to necessarily add another layer of authentication) and publish it over internet
- Put your server in DMZ network and allow traffic from external location.