SOLVED

App proxy external URL access

%3CLINGO-SUB%20id%3D%22lingo-sub-2569586%22%20slang%3D%22en-US%22%3EApp%20proxy%20external%20URL%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2569586%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20a%20user%20has%20access%20to%20an%20on-prem%20app%20that%20is%20published%20via%20App%20Proxy%20using%20passthrough%20authentication%2C%20can%20the%20user%20access%20the%20external%20URL%20if%20they%20are%20not%20assigned%20the%20app%20in%20Azure%20AD%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2807763%22%20slang%3D%22en-US%22%3ERe%3A%20App%20proxy%20external%20URL%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2807763%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F688362%22%20target%3D%22_blank%22%3E%40stromnessian%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20if%20you've%20already%20gotten%20your%20answer%20but%20I%20do%20have%20an%20App%20Proxy%20with%20passthrough%20authentication%20that%20is%20operational%20even%20if%20they%20are%20not%20assigned%20the%20app%20in%20Azure%20AD.%20My%20understanding%20is%20that%3A%3C%2FP%3E%3CP%3E-%20you%20would%20only%20need%20to%20assign%20the%20app%20in%20Azure%20AD%20if%20you%20choose%20your%20App%20Proxy%20Pre%20Authentication%20method%20to%20%22Azure%20Active%20Directory%22%3C%2FP%3E%3CP%3E-%20passthrough%20authentication%20bypasses%20Azure%20AD%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI've%20also%20stumbled%20upon%20this%20really%20helpful%20video%20to%20understand%20how%20both%20app%20proxy%20authentications%20work%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DBXHbYSRSpic%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DBXHbYSRSpic%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGood%20luck!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi

 

If a user has access to an on-prem app that is published via App Proxy using passthrough authentication, can the user access the external URL if they are not assigned the app in Azure AD?

 

Many thanks

1 Reply
best response confirmed by stromnessian (Contributor)
Solution

Hi @stromnessian 

Not sure if you've already gotten your answer but I do have an App Proxy with passthrough authentication that is operational even if they are not assigned the app in Azure AD. My understanding is that:

- you would only need to assign the app in Azure AD if you choose your App Proxy Pre Authentication method to "Azure Active Directory"

- passthrough authentication bypasses Azure AD


I've also stumbled upon this really helpful video to understand how both app proxy authentications work: https://www.youtube.com/watch?v=BXHbYSRSpic

 

Good luck!